attachment

<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">All,<div class=""><br class=""></div><div class="">The IPP workgroup would like to deprecate the Print-URI and Send-URI operations [STD92] and associated attributes, values, and status codes.  The reasons for these deprecations are primarily security-driven but also reflect 20 years of real-world implementation experience.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The specific issues we have discussed are:</div><div class=""><br class=""></div><div class="">1. Network Access Differences:  Clients and Printers can have different levels of access to networking, which can lead to print jobs failing because the Printer is unable to access a network resource (different networks, missing credentials, etc.) as well as print jobs succeeding because the Printer has access to otherwise protected/restricted network resources (e.g. bypassing personal firewalls). Even for non-malicious content, remote URIs can incur additional costs for network data/bandwidth usage that might otherwise not be accounted for or allowed.</div><div class=""><br class=""></div><div class="">2. Identification/Authentication/Access Control Issues:  Clients cannot always provide a Printer with the necessary credentials to access a remote resource, and sending some types of credentials (e.g. passwords, private keys, etc.) to the Printer poses a security threat.</div><div class=""><br class=""></div><div class="">3. Denial of Service Attacks:  A Client could potentially cause a Denial-of-Service by sending a URI to a malicious network service designed to provide malicious content to the Printer or to delay network transactions in a way that keeps the Printer busy fetching the remote document.</div><div class=""><br class=""></div><div class="">4. Required URI Scheme:  IPP/1.1 [STD92] only requires support for the "ftp" URI scheme/protocol, which is no longer supported by the major web browsers and operating systems out-of-the-box, is not a secure or modern protocol, and is often blocked by firewalls and ISPs.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">As for implementation experience, some IPP spooler (Client-side) implementations have made use of these operations to provide access to internal resources without extra copying, for example when printing photos on iOS devices, but otherwise the various Client operating systems do not seem to make use of these operations.  Some Printers *do* support Print-URI and Send-URI for both FTP and HTTP/HTTPS, but there is no evidence that such functionality is in common usage.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Your feedback is greatly appreciated!</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">--------</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The following is the IANA IPP registry template for this change:</div><div class=""><br class=""></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class=""><div class=""><div class="">Document Status attributes:                         Reference</div><div class="">--------------------------                          ---------</div><div class="">document-access-errors (1setOf text(MAX))           [PWG5100.5]</div><div class="">document-access-errors(deprecated)                  [IPPWG20210616]</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div class="">Job Status attributes:                              Reference</div><div class="">---------------------                               ---------</div><div class="">job-document-access-errors (1setOf text(MAX))       [STD92]</div><div class="">job-document-access-errors(deprecated)              [IPPWG20210616]</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Operation attributes:                               Reference</div></div><div class="">--------------------                                ---------</div><div class="">document-access (collection | no-value)             [PWG5100.18]</div><div class="">document-access(deprecated)                         [IPPWG20210616]</div><div class="">document-access-error (text(MAX))                   [STD92]</div><div class="">document-access-error(deprecated)                   [IPPWG20210616]</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Printer Description attributes:                     Reference</div><div class="">-------------------------------                     ---------</div><div class="">document-access-supported (1setOf keyword)          [PWG5100.18]</div><div class="">document-access-supported(deprecated)               [IPPWG20210616]</div><div class="">reference-uri-schemes-supported (1setOf uriScheme)  [STD92]</div><div class="">reference-uri-schemes-supported(deprecated)         [IPPWG20210616]</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Attributes (attribute syntax)<br class="">  Keyword Attribute Value                           Reference<br class="">  -----------------------                           ---------<br class="">document-state-reasons (1setOf type2 keyword)       [PWG5100.5]</div><div class="">  document-access-error                             [PWG5100.5]</div><div class="">  document-access-error(deprecated)                 [IPPWG20210616]</div><div class=""><br class=""></div><div class="">job-state-reasons (1setOf type2 keyword)            [STD92]</div><div class="">  document-access-error                             [STD92]<br class=""><div class="">  document-access-error(deprecated)                 [IPPWG20210616]</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Attributes (attribute syntax)</div><div class="">  Enum Value          Enum Symbolic Name            Reference</div><div class="">  ----------          ------------------            ---------</div><div class="">operations-supported (1setOf type2 enum)            [STD92]</div><div class="">  0x0003              Print-URI                     [STD92]</div>  0x0003(deprecated)  Print-URI                     [IPPWG20210616]<br class="">  0x0007              Send-URI                      [STD92]<div class="">  0x0007(deprecated)  Send-URI                      [IPPWG20210616]</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Operation Name                                      Reference</div><div class="">--------------                                      ---------</div><div class="">Print-URI                                           [STD92]</div><div class="">Print-URI(deprecated)                               [IPPWG20210616]</div><div class="">Send-URI                                            [STD92]</div><div class="">Send-URI(deprecated)                                [IPPWG20210616]</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Value    Status Code Name                           Reference<br class="">------   -----------------------------------------  ---------<br class="">0x0400:0x04FF - Client Error:<br class="">  0x0412 client-error-document-access-error         [STD92]</div><div class=""><div class="">  0x0412(deprecated)                                [REFERENCE]</div></div></blockquote><div class=""><br class=""></div><div class=""><br class=""></div><div class="">[PWG5100.5]: <a href="https://ftp.pwg.org/pub/pwg/candidates/cs-ippdocobject11-20190521-5100.5.pdf" class="">https://ftp.pwg.org/pub/pwg/candidates/cs-ippdocobject11-20190521-5100.5.pdf</a></div><div class="">[PWG5100.18]: <a href="https://ftp.pwg.org/pub/pwg/candidates/cs-ippinfra10-20150619-5100.18.pdf" class="">https://ftp.pwg.org/pub/pwg/candidates/cs-ippinfra10-20150619-5100.18.pdf</a></div><div class="">[STD92]: <a href="https://tools.ietf.org/html/std92" class="">https://tools.ietf.org/html/std92</a></div><div class=""><br class=""></div><div class=""><div class="">________________________<br class="">Michael Sweet<br class=""><br class=""><br class=""></div><br class=""></div></body></html>

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster