PT> I think that the MD5 (or other message digest or secure hash algorithm)
PT> is used only when
PT> the client and the server ALREADY SHARE A SECRET (such as a password).
PT> (it is assumed that some other secure channel has been used to transmit
PT> that secret from one party to the other).
The HTTP Digest Access Authentication scheme does require a shared
secret.
PT> In the Internet Printing context, I can see an end-user who would like
PT> to print to
PT> an IPP-Printer that may not have any knowledge about the end-user.
PT> In such a case, requiring MD5 will prevent the end-user from
PT> printing, even if no security of any kind is necessary (internet or
PT> intranet).
If the printer is configured to accept print jobs without
authentication, then it does not need to issue an authentication
challenge and none will be needed.
-- Scott Lawrence EmWeb Embedded Server <lawrence@agranat.com> Agranat Systems, Inc. Engineering http://www.agranat.com/