[IPP] RFC: HTTP Digest changes for RFC 2910bis

[IPP] RFC: HTTP Digest changes for RFC 2910bis

Michael Sweet msweet at apple.com
Thu Aug 4 16:40:24 UTC 2016 

Thanks, all!


> On Aug 4, 2016, at 12:11 PM, Paul Tykodi <ptykodi at tykodi.com> wrote:
> 
> Hi Mike,
>  
> I agree with your proposed change.
>  
> Thanks.
>  
> Best Regards,
>  
> /Paul
> --
> Paul Tykodi
> Principal Consultant
> TCS - Tykodi Consulting Services LLC
> 
> Tel/Fax: 603-343-1820
> Mobile:  603-866-0712
> E-mail:  ptykodi at tykodi.com <mailto:ptykodi at tykodi.com>
> WWW:  http://www.tykodi.com <http://www.tykodi.com/>
>  
> This e-mail reply and any attachments are confidential and may be privileged.
> If you are not the intended recipient, please notify Tykodi Consulting Services LLC 
> immediately by replying to this message and destroying all copies of this message 
> and any attachments. Thank you
>  
> From: ipp [mailto:ipp-bounces at pwg.org] On Behalf Of Michael Sweet
> Sent: Thursday, August 4, 2016 8:58 AM
> To: ipp <ipp at pwg.org>
> Subject: [IPP] RFC: HTTP Digest changes for RFC 2910bis
>  
> All,
>  
> The last call and ballet comments are rolling in for RFC 2910bis and 2911bis; one issue has come up that I'd like some feedback on...
>  
> RFC 2910 made Digest REQUIRED for Clients and RECOMMENDED for Printers, and requires MD5 and MD5-sess support.
>  
> RFC 2910bis changed this to RECOMMENDED for both Clients and Printers based on our experience that Digest is not widely implemented.  However, we've kept the MD5 and MD5-sess requirements if a Client or Printer *does* support it.
>  
> This latter portion is being raised as an issue: RFC 7616 (the current HTTP Digest RFC) deprecates MD5 and MD5-sess and requires SHA256 instead (which did not exist in 2000 when RFC 2910 was published).  They don't like us still requiring MD5 support, and my proposed "require both MD5 and whatever is in RFC 7616" compromise wasn't acceptable.
>  
> What they want is for us to drop the MD5 requirement and note it, something like:
>  
>> Note: The MD5 and MD5-sess algorithms were mandatory to implement in the original IPP/1.1: Encoding and Transport [RFC2910]. This requirement has been removed in this document since the algorithms are deprecated by the current Digest Authentication document.
>  
> I am inclined to make this change since we've already softened the conformance language because there is limited deployment of IPP implementations using HTTP Digest - this won't break existing implementations.
>  
> Comments?
>  
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer

_________________________________________________________
Michael Sweet, Senior Printing System Engineer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20160804/96c4de1c/attachment.html>

More information about the ipp mailing list