[IPP] RFC: HTTP Digest changes for RFC 2910bis

[IPP] RFC: HTTP Digest changes for RFC 2910bis

Ira McDonald blueroofmusic at gmail.com
Thu Aug 4 15:32:23 UTC 2016


Hi Mike,

I agree with your proposed response to the IETF folks.

Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic at gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434


On Thu, Aug 4, 2016 at 8:57 AM, Michael Sweet <msweet at apple.com> wrote:

> All,
>
> The last call and ballet comments are rolling in for RFC 2910bis and
> 2911bis; one issue has come up that I'd like some feedback on...
>
> RFC 2910 made Digest REQUIRED for Clients and RECOMMENDED for Printers,
> and requires MD5 and MD5-sess support.
>
> RFC 2910bis changed this to RECOMMENDED for both Clients and Printers
> based on our experience that Digest is not widely implemented.  However,
> we've kept the MD5 and MD5-sess requirements if a Client or Printer *does*
> support it.
>
> This latter portion is being raised as an issue: RFC 7616 (the current
> HTTP Digest RFC) deprecates MD5 and MD5-sess and requires SHA256 instead
> (which did not exist in 2000 when RFC 2910 was published).  They don't like
> us still requiring MD5 support, and my proposed "require both MD5 and
> whatever is in RFC 7616" compromise wasn't acceptable.
>
> What they want is for us to drop the MD5 requirement and note it,
> something like:
>
> Note: The MD5 and MD5-sess algorithms were mandatory to implement in the
> original IPP/1.1: Encoding and Transport [RFC2910]. This requirement has
> been removed in this document since the algorithms are deprecated by the
> current Digest Authentication document.
>
>
> I am inclined to make this change since we've already softened the
> conformance language because there is limited deployment of IPP
> implementations using HTTP Digest - this won't break existing
> implementations.
>
> Comments?
>
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer
>
>
> _______________________________________________
> ipp mailing list
> ipp at pwg.org
> https://www.pwg.org/mailman/listinfo/ipp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20160804/295a3e22/attachment.html>


More information about the ipp mailing list