
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Lucida Console";
        panose-1:2 11 6 9 4 5 4 2 2 4;}
@font-face
        {font-family:"Andale Mono";
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:1570726828;
        mso-list-type:hybrid;
        mso-list-template-ids:-1360333458 -1340599802 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:87.75pt;
        text-indent:-.25in;
        mso-ansi-font-size:11.0pt;
        font-family:"Times New Roman","serif";
        mso-ascii-font-family:Calibri;
        mso-fareast-font-family:Calibri;
        mso-hansi-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";
        color:#1F497D;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:123.75pt;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:159.75pt;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:195.75pt;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:231.75pt;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:267.75pt;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:303.75pt;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:339.75pt;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        margin-left:375.75pt;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Mike,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Please see my comments (prefixed with [Soma]) below.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks and Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Somasundaram. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Michael Sweet [mailto:msweet@apple.com] <br>
<b>Sent:</b> Tuesday, July 15, 2014 12:02 AM<br>
<b>To:</b> Soma Meiyappan<br>
<b>Cc:</b> &lt;ipp@pwg.org&gt;; Peter Zehler; Ira McDonald; Paul Tykodi<br>
<b>Subject:</b> Re: Conexant has reviewed the IPP Scan Service specification and has comments<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Soma,<span style="font-size:12.0pt"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div>
<p class="MsoNormal">On Jul 13, 2014, at 11:10 PM, Soma Meiyappan &lt;<a href="mailto:Soma.Meiyappan@conexant.com">Soma.Meiyappan@conexant.com</a>&gt; wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoListParagraph" style="background:white"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">...&nbsp;</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;background:white;background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">4.&nbsp;&nbsp;This could be a topic for the implementer&#8217;s guide; but it can be addressed in the specification too: While we are mostly not concerned about products that choose the most secure channel for
 communicating with the device, we may want to briefly touch on vulnerability, as the stakes are higher now that new operation attributes related to credentials for accessing third-party services have been introduced in IPP Scan. Further, since these may not be sufficiently
 covered by the security considerations of RFC 2911, it may be safer to discuss the vulnerability aspect of these, just in case it is not obvious to the implementers. We could do one of the three below. Only 4.a is a secure method. 4.b sufficiently addresses the
 security of credentials if the client is properly implemented and if certification processes ensure that. 4.c is purely a warning to the developer.</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in;background:white;background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">a.&nbsp; By specification, make encryption (IPPS) mandatory for Scan (either always or at least, if credentials are required): I know that this is a little heavy handed and may not be well liked;
 but &#8216;IPP Scan&#8217; does not have any legacy support to worry about.</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in;background:white;background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">b.&nbsp; Advertise those destination-uri that REQUIRE credentials only if the request came in through a secure channel (https or USB) and not if the request came through an insecure channel (http
 and not USB). One implementation concern here is that some web servers may not convey information about the security of the channel to the application layer; but this is not insurmountable. This also means that insecure IPP will be a reduced function set compared
 to the secure IPPS. While this duality may make some uncomfortable, this is a very pragmatic way to keep user information safe.</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in;background:white;background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">c.&nbsp;&nbsp;Make comments about the vulnerability in exposing credentials through IPP (instead of IPPS)</span><o:p></o:p></p>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">We definitely need to say something about this in the security considerations; requiring the use of TLS (IPPS or IPP with HTTP Upgrade) is probably the way to go.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1F497D">[Soma] Which of these three options are you thinking of?<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:87.75pt;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><span style="mso-list:Ignore">1.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Unconditionally for IPP Scan over network (IPP Scan over USB is still probably going to be an unencrypted channel)</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:87.75pt;text-indent:-.25in;mso-list:l0 level1 lfo1;z-index:auto">
<![if !supportLists]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><span style="mso-list:Ignore">2.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Conditionally when Scan2 is performed (whether or not credentials are required or used)</span><o:p></o:p></p>
<p class="MsoListParagraph" style="margin-left:87.75pt;text-indent:-.25in;mso-list:l0 level1 lfo1;z-index:auto">
<![if !supportLists]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><span style="mso-list:Ignore">3.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Conditionally when Scan2 is performed (when credentials are required)</span><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="background:white"><b><u><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">...</span></u></b><o:p></o:p></p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="background:white"><b><u><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Proposal for new attributes to destination-uri-ready
</span></u></b><o:p></o:p></p>
<p class="MsoNormal" style="background:white;background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">&nbsp;</span><o:p></o:p></p>
<p style="background:white;background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">If destination-uri-ready can take additional member attributes to allow the system to specify the OAuth URL that the scan client needs to contact and the auth scope that the authorisation should
 be requested for, the scan client may be able to try to start the OAuth2 flow by connecting to the OAuth URL (and specifying the auth scope in the process), finish the OAuth2 process and get the OAuth2 access token for accessing the service that the device
 wants the access token for. For that, I would like to propose an optional attribute that is part of a destination-uri-ready.</span><o:p></o:p></p>
<p style="background:white;background-position:initial initial;background-repeat:initial initial;z-index:auto">
<span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">&nbsp;</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;">&nbsp; &nbsp; destination-uri-ready</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;">&nbsp; &nbsp; &nbsp; &nbsp; destination-uri</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; . . .</span><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [destination-oauth-descriptor (collection)]</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [destination-oauth-uri (uri)]</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination-oauth-scope (1setOf text(MAX))</span></i><o:p></o:p></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">I think I'd rather make these optional top-level member attributes - drop the destination-oauth-descriptor collection, put them directly under the destination-uri-ready
 collection. As for the scope, you probably want &quot;1setOf octetString(MAX)&quot; since text implies a localized string value.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1F497D">[Soma] Sounds good. Thanks for correcting me on the suitable type for scope. After reviewing RFC 2911, I agree that octetString is more appropriate for scope.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">We'll also need something similar for the System Control Service spec, since that will be expanding our support for OAuth and delegated access control/credentials.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:&quot;Andale Mono&quot;,&quot;serif&quot;;color:black">_________________________________________________________<br>
Michael Sweet, Senior Printing System&nbsp;Engineer, PWG Chair<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>
</div>
</div>
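<p class="MsoNormal">The following is an added example and is not code from this thread, from the IPP Scan specification or from the PWG. It models the transport policies discussed above: option 4.b (advertise a credential-requiring destination-uri-ready entry only on a secure channel, failing closed when the web server does not report whether TLS is on) and the three variants of option 4.a from Soma's numbered list. The attribute names destination-uri-ready, destination-uri, destination-oauth-uri and destination-oauth-scope are taken from the proposal as amended by Mike (optional top-level members, scope as 1setOf octetString). The RequestChannel model, the policy names and the rule that an entry naming an OAuth endpoint or scope requires credentials are assumptions made for this example, as is the sample data.</p>

```python
"""
Added example, not code from the IPP thread, the IPP Scan specification or
the PWG.  Attribute names come from the proposal; the RequestChannel model,
the policy constants and the "OAuth members => requires credentials" rule
are assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class DestinationUriReady:
    """One destination-uri-ready collection value with the proposed optional
    top-level members (no intermediate destination-oauth-descriptor)."""
    destination_uri: str
    destination_oauth_uri: Optional[str] = None
    destination_oauth_scope: List[bytes] = field(default_factory=list)  # 1setOf octetString(MAX)

    def requires_credentials(self) -> bool:
        # Assumed rule for this example: naming an OAuth endpoint or a scope
        # means the destination can only be used with a credential.
        return self.destination_oauth_uri is not None or bool(self.destination_oauth_scope)


@dataclass
class RequestChannel:
    """How the request reached the Scan service (constructed model)."""
    scheme: str          # "ipps", "ipp" or "usb"
    tls: bool = False    # True for IPPS, or for IPP after HTTP Upgrade to TLS

    def is_secure(self) -> bool:
        # The thread treats USB as a secure (local) channel.
        return self.scheme == "usb" or self.tls


def advertise_destinations(dests, channel):
    """Option 4.b: return only the destination-uri-ready entries that may be
    shown on this channel.  A missing channel description (a web server that
    does not tell the application layer whether TLS is active) fails closed,
    i.e. is treated as insecure."""
    secure = channel is not None and channel.is_secure()
    return [d for d in dests if secure or not d.requires_credentials()]


# Option 4.a variants from Soma's numbered list (constant names are assumptions).
TLS_ALWAYS = "always"                  # 1. any IPP Scan request over the network
TLS_FOR_SCAN = "scan"                  # 2. whenever a Scan operation is performed
TLS_WHEN_CREDENTIALS = "credentials"   # 3. only when credentials are required


def request_allowed(channel, policy, is_scan_op, needs_credentials):
    """Return True if a request may proceed under the chosen TLS policy."""
    if channel is None:
        return False                    # unknown transport security: refuse
    if channel.is_secure():
        return True                     # TLS or USB satisfies every policy
    if policy == TLS_ALWAYS:
        return False
    if policy == TLS_FOR_SCAN:
        return not is_scan_op
    if policy == TLS_WHEN_CREDENTIALS:
        return not needs_credentials
    raise ValueError(f"unknown policy {policy!r}")


# Constructed sample data: one open file share, one OAuth-protected service.
SAMPLE_DESTINATIONS = [
    DestinationUriReady("smb://fileserver.example.test/scans"),
    DestinationUriReady(
        "https://storage.example.test/upload",
        destination_oauth_uri="https://auth.example.test/authorize",
        destination_oauth_scope=[b"scan.upload"],
    ),
]

if __name__ == "__main__":
    channels = [RequestChannel("ipp"), RequestChannel("ipps", tls=True),
                RequestChannel("usb"), None]
    for ch in channels:
        shown = advertise_destinations(SAMPLE_DESTINATIONS, ch)
        print(ch, "->", [d.destination_uri for d in shown])
    print("plain ipp, policy 3, scan with credentials:",
          request_allowed(RequestChannel("ipp"), TLS_WHEN_CREDENTIALS, True, True))
```

<p class="MsoNormal">Run stand-alone, the script lists which of the two sample destinations a client would see over plain IPP (only the SMB share), over IPPS or USB (both), and when the channel is unknown (only the SMB share). The fail-closed default in advertise_destinations is the point of the example: the implementation concern raised under 4.b (a web server that does not pass channel security to the application) must resolve to "insecure", otherwise the credential-requiring entries leak onto http.</p>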
</body>
</html>