IPP Mail Archive: IPP> SEC - Protocol names for security protocols

IPP> SEC - Protocol names for security protocols

Carl-Uno Manros (cmanros@cp10.es.xerox.com)
Fri, 28 Feb 1997 11:32:57 PST

Larry,

we have had a discussion in the IPP security sbgroup, which has resulted in
a question for you.

We need some way of signalling whether a particular printer optionally
supports or even enforces the use of a secure protocol in combination with
IPP.

Examples that we are looking at include RFC 2069 security and the various
versions of SSL. I believe that if SSL is used in combination with HTTP it
is currently identified with "SHTTP" in the URL rather than just "HTTP". Is
this correct?

If we could assume that all security protocols used with HTTP would carry
their own protocol names, it would make life a lot simpler for us. As we
are planning to identify printers with a URL address, we would then give a
printer that can handle both secure and non-secure print requests two URL
names, one with "HTTP://..." and one with "SHTTP://...." and the IPP client
can then invoke operations on one or the other. A printer that only
supports secure printing, would obviously only have an "SHTTP://..." address.

So I am back to our question: Can we assume that secure versions of HTTP
will always have separate names, eg. what is planned for RFC 2069? Our
assumption is that once you are in the secure protocol, you can then
negotiate which security features within that protocol you want to use.

You may want to forward this note to the HTTP list, in case you do not have
an easy answer.

Thankful for your feedback,

Carl-Uno

Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com