--------------22EB695A3B97
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I would rather not be middleman in this conversation.
--
http://www.parc.xerox.com/masinter

--------------22EB695A3B97
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Received: from alpha.xerox.com ([13.1.64.93]) by casablanca.parc.xerox.com with SMTP id <71896>; Fri, 28 Feb 1997 12:36:33 PST
Received: from LCS.MIT.EDU ([18.26.0.36]) by alpha.xerox.com with SMTP id <16206(3)>; Fri, 28 Feb 1997 12:36:28 PST
Received: from beach.w3.org by MINTAKA.LCS.MIT.EDU id aa20420; 28 Feb 97 15:35 EST
Sender: connolly@parc.xerox.com
Message-ID: <331741AB.216A0B2D@w3.org>
Date: Fri, 28 Feb 1997 12:35:55 PST
From: Dan Connolly <connolly@w3.org>
Organization: World Wide Web Consortium
X-Mailer: Mozilla 3.01 (X11; I; Linux 2.0.18 i586)
MIME-Version: 1.0
To: Larry Masinter <masinter@parc.xerox.com>
CC: http-wg@cuckoo.hpl.hp.com
Subject: Re: [Fwd: SEC - Protocol names for security protocols]
References: <33173BC7.4522@parc.xerox.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Larry Masinter wrote:
> Date: Fri, 28 Feb 1997 11:32:57 PST
> From: Carl-Uno Manros <cmanros@cp10.es.xerox.com>
...
> I believe that if SSL is used in combination with HTTP it
> is currently identified with "SHTTP" in the URL rather than just "HTTP". Is
> this correct?
Nope. SHTTP is the Schiffman et al. protocol.
HTTP over SSL is https:...
I don't have exact citations, nor do I have time to look them up.
If anybody else does, I'm interested: I maintain:
http://www.w3.org/pub/WWW/Addressing/schemes
> Our
> assumption is that once you are in the secure protocol, you can then
> negotiate which security features within that protocol you want to use.
Yes, due to the possibility of man-in-the-middle attacks, "bootstrapping" security is quite difficult: you can't just take cleartext declarations of the form "printer X does/does not support security mechanism Y" and act on them. You have to have some way of authenticating even that first step.
So you really need a protocol with message integrity before you can even start negotiating.
You could get security declarations (and key/certificate material) out of authenticated body parts (e.g. HTML docs) sent over HTTP using MD5-auth or some such. Hmmm...
Dan
--------------22EB695A3B97--
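The bootstrapping point made in the reply above, as an added example that is not part of the original message: a client that acts on a cleartext capability declaration can be silently steered to "no security", while one that checks message integrity first rejects the altered declaration. The JSON format, the function names and the out-of-band shared key with HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a key provisioned out of band between client and printer.
SHARED_KEY = b"constructed-demo-key"


def declare(mechanisms, key=None):
    """Printer side: serialize a capability declaration, optionally with a MAC."""
    body = json.dumps({"printer": "X", "mechanisms": sorted(mechanisms)}).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest() if key else None
    return body, tag


def strip_security(body):
    """Model of in-path modification: the declaration loses its secure mechanisms."""
    doc = json.loads(body)
    doc["mechanisms"] = [m for m in doc["mechanisms"] if m == "none"]
    return json.dumps(doc).encode()


def choose_unauthenticated(body):
    """Client that acts on a cleartext declaration exactly as received."""
    mechs = json.loads(body)["mechanisms"]
    secure = [m for m in mechs if m != "none"]
    return secure[0] if secure else "none"


def choose_authenticated(body, tag, key):
    """Client that verifies integrity before reading the declaration."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if tag is None or not hmac.compare_digest(expected, tag):
        raise ValueError("declaration failed integrity check; refusing to negotiate")
    return choose_unauthenticated(body)


if __name__ == "__main__":
    body, tag = declare(["none", "ssl"], SHARED_KEY)  # constructed sample input
    tampered = strip_security(body)
    print("cleartext, untouched:", choose_unauthenticated(body))
    print("cleartext, modified: ", choose_unauthenticated(tampered))
    try:
        choose_authenticated(tampered, tag, SHARED_KEY)
    except ValueError as err:
        print("authenticated, modified:", err)
```

The unauthenticated client has no way to tell the modified declaration from a printer that really offers no security, which is why the integrity check has to come before negotiation.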