All,
The IPP workgroup would like to deprecate the Print-URI and Send-URI operations [STD92] and associated attributes, values, and status codes. The reasons for these deprecations are primarily security-driven but also reflect 20 years of real-world implementation experience.
The specific issues we have discussed are:
1. Network Access Differences: Clients and Printers can have different levels of access to networking, which can lead to print jobs failing because the Printer is unable to access a network resource (different networks, missing credentials, etc.) as well as print jobs succeeding because the Printer has access to otherwise protected/restricted network resources (e.g. bypassing personal firewalls). Even for non-malicious content, remote URIs can incur additional costs for network data/bandwidth usage that might otherwise not be accounted for or allowed.
2. Identification/Authentication/Access Control Issues: Clients cannot always provide a Printer with the necessary credentials to access a remote resource, and sending some types of credentials (e.g. passwords, private keys, etc.) to the Printer poses a security threat.
3. Denial of Service Attacks: A Client could potentially cause a Denial-of-Service by sending a URI to a malicious network service designed to provide malicious content to the Printer or to delay network transactions in a way that keeps the Printer busy fetching the remote document.
4. Required URI Scheme: IPP/1.1 [STD92] only requires support for the "ftp" URI scheme/protocol, which is no longer supported by the major web browsers and operating systems out-of-the-box, is not a secure or modern protocol, and is often blocked by firewalls and ISPs.
As for implementation experience, some IPP spooler (Client-side) implementations have made use of these operations to provide access to internal resources without extra copying, for example when printing photos on iOS devices, but otherwise the various Client operating systems do not seem to make use of these operations. Some Printers *do* support Print-URI and Send-URI for both FTP and HTTP/HTTPS, but there is no evidence that such functionality is in common usage.
Your feedback is greatly appreciated!
--------
The following is the IANA IPP registry template for this change:
Document Status attributes: Reference
-------------------------- ---------
document-access-errors (1setOf text(MAX)) [PWG5100.5]
document-access-errors(deprecated) [IPPWG20210616]
Job Status attributes: Reference
--------------------- ---------
job-document-access-errors (1setOf text(MAX)) [STD92]
job-document-access-errors(deprecated) [IPPWG20210616]
Operation attributes: Reference
-------------------- ---------
document-access (collection | no-value) [PWG5100.18]
document-access(deprecated) [IPPWG20210616]
document-access-error (text(MAX)) [STD92]
document-access-error(deprecated) [IPPWG20210616]
Printer Description attributes: Reference
------------------------------- ---------
document-access-supported (1setOf keyword) [PWG5100.18]
document-access-supported(deprecated) [IPPWG20210616]
reference-uri-schemes-supported (1setOf uriScheme) [STD92]
reference-uri-schemes-supported(deprecated) [IPPWG20210616]
Attributes (attribute syntax)
Keyword Attribute Value Reference
----------------------- ---------
document-state-reasons (1setOf type2 keyword) [PWG5100.5]
document-access-error [PWG5100.5]
document-access-error(deprecated) [IPPWG20210616]
job-state-reasons (1setOf type2 keyword) [STD92]
document-access-error [STD92]
document-access-error(deprecated) [IPPWG20210616]
Attributes (attribute syntax)
Enum Value Enum Symbolic Name Reference
---------- ------------------ ---------
operations-supported (1setOf type2 enum) [STD92]
0x0003 Print-URI [STD92]
0x0003(deprecated) Print-URI [IPPWG20210616]
0x0007 Send-URI [STD92]
0x0007(deprecated) Send-URI [IPPWG20210616]
Operation Name Reference
-------------- ---------
Print-URI [STD92]
Print-URI(deprecated) [IPPWG20210616]
Send-URI [STD92]
Send-URI(deprecated) [IPPWG20210616]
Value Status Code Name Reference
------ ----------------------------------------- ---------
0x0400:0x04FF - Client Error:
0x0412 client-error-document-access-error [STD92]
0x0412(deprecated) [REFERENCE]
[PWG5100.5]: https://ftp.pwg.org/pub/pwg/candidates/cs-ippdocobject11-20190521-5100.5.pdf
[PWG5100.18]: https://ftp.pwg.org/pub/pwg/candidates/cs-ippinfra10-20150619-5100.18.pdf
[STD92]: https://tools.ietf.org/html/std92
________________________
Michael Sweet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20210616/449f5b15/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://www.pwg.org/pipermail/ipp/attachments/20210616/449f5b15/attachment.sig>