<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Greetings,<div class=""><br class=""></div><div class="">In my presentation to the Mopria Technical Working Group yesterday, a question arose about TLS version negotiation failures, and whether the Client would be notified of such failures at the IPP level. I responded that there might be a response at the IPP level but that Clients (and Printers) need to also be aware of the TLS and HTTP levels. But then I remembered that, in the latest draft of the IPP Authentication Methods white paper, Mike and I expanded and revised section 3.1.7 "The 'certificate' IPP Authentication Method" to include the following:</div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class="">
                
        
        
                <div class="page" title="Page 13">
                        <div class="layoutArea">
                                <div class="column">
                                        <ol start="188" style="list-style-type: none" class="">
                                                <li class=""><p class=""><span style="font-size: 12.000000pt; font-family: 'ArialMT'" class="">The Printer SHOULD </span><span style="font-family: ArialMT; font-size: 12pt;" class="">return the IPP status code listed in Table 3.1 when the corresponding authentication </span><span style="font-family: ArialMT; font-size: 12pt;" class="">exception occurs. The Client SHOULD respond to the reported status code with the </span><span style="font-family: ArialMT; font-size: 12pt;" class="">corresponding response listed in Table 3.1.</span></p></li>
                                        </ol><p class=""><br class=""></p>
                                </div>
                        </div>
                        <table style="border-collapse: collapse" class=""><colgroup class=""><col style="width: 29.852911%" class=""><col style="width: 30.764450%" class=""><col style="width: 39.382639%" class="">
                                </colgroup><tbody class=""><tr class="">
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'Arial'; font-weight: 700" class="">Operation Status Code
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'Arial'; font-weight: 700" class="">Authentication Exception
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'Arial'; font-weight: 700" class="">Recommended Client Response
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                </tr>
                                <tr class="">
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">'client-error-not-authenticated'
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">Authentication required but no
X.509 certificate supplied
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">Close the connection; select a certificate
(with possible user interaction); retry
connection with selected certificate
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                </tr>
                                <tr class="">
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">'client-error-not-authorized'
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">Access denied for the identity
specified by the provided X.509
certificate; try again
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">Close the connection; select a different
certificate (with possible user interaction);
retry connection with selected certificate
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                </tr>
                                <tr class="">
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">'client-error-forbidden'
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">Access denied for the identity
specified by the provided X.509
certificate; don't try again
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                        <td style="border-style: solid; border-top-width: 0.050000pt; border-top-color: rgb(0.000000%, 0.000000%, 0.000000%); border-right-width: 0.050000pt; border-right-color: rgb(0.000000%, 0.000000%, 0.000000%); border-bottom-width: 0.050000pt; border-bottom-color: rgb(0.000000%, 0.000000%, 0.000000%); border-left-width: 0.050000pt; border-left-color: rgb(0.000000%, 0.000000%, 0.000000%)" class="">
                                                <div class="layoutArea">
                                                        <div class="column"><p class=""><span style="font-size: 10.000000pt; font-family: 'ArialMT'" class="">Close the connection and present User
with error dialog (“Access denied”)
</span></p>
                                                        </div>
                                                </div>
                                        </td>
                                </tr>
                        </tbody></table>
                        <div class="layoutArea">
                                <div class="column"><p style="text-align: center;" class=""><span style="font-size: 11.000000pt; font-family: 'Arial'; font-weight: 700" class="">Table 3.1 : IPP 'certificate' Authentication Method Error Condition Status Codes </span></p>
                                </div>
                        </div>
                </div></blockquote><div class="">None of these seem to cover a lower-level protocol negotiation level failure. Do we need to add a new one for TLS version negotiation failure? The Client can learn the Printer's maximum TLS version via the "TLS" DNS-SD TXT record key (5100.14 section 4.2.3.4). The "uri-security-supported" attribute simply uses 'tls' but lists no version (which troubles me because DNS-SD shouldn't be more descriptive than IPP).</div><div class=""><br class=""></div><div class="">Thoughts?</div><div class=""><br class=""><div class="">Smith<br class=""><br class="">/**<br class="">    Smith Kennedy<br class="">    Wireless & Standards Architect - IPG-PPS<br class="">    Standards - IEEE ISTO PWG / Bluetooth SIG / Wi-Fi Alliance / NFC Forum / USB-IF<br class="">    Chair, IEEE ISTO Printer Working Group<br class="">    HP Inc.<br class="">*/<br class=""><br class=""><br class=""></div><br class=""></div></body></html>