IPP> Re: PRO - Issue 32: Use of Basic & DigestAuthentication

Larry Masinter masinter at parc.xerox.com
Mon Apr 12 12:38:30 EDT 1999


> >>> Paul Moore <paulmo at microsoft.com> 04/09/99 06:01PM >>>
> Basic and SSL work fine for me. It has the following benefits:
> 1. It works

Actually, it doesn't work very well.

> 2. It's secure

No, it has serious security problems in the context of a printing
protocol. Maybe "it's secure" for web browsing, but requiring the
printer to hold passwords in the clear leads to several vulnerabilities
that can be exploited. And if we're still in an export-sensitive
world, the security of "basic and SSL" creates an attractive nuisance.

> 3. Any reasonable client supports it
> 4. Any reasonable server supports it.


Depending on "reasonable": you're adding overhead to accomplish
privacy when all that's wanted is authentication. And without
further definition of a minimum required interoperable subset,
"supports it" is just meaningless blather.

Frankly, it seems like we're getting some knee-jerk responses.
This isn't a popularity contest. The results actually have to
work.

Regards,

Larry
