PWG February 2021 Face-to-Face Meeting - Summary
February 18, 2021

The PWG held its February 2021 Virtual Face-to-Face Meeting on February 9-11, 2021 via Webex teleconferences. Representatives from Canon, Google, High North, HP Inc., Konica Minolta, Kyocera Document Solutions, Lakeside Robotics, Lexmark, Microsoft, Qualcomm, Pharos, Ricoh, TIC, TCS and Xerox attended the meetings, among others. Attendees reviewed work in progress, including drafts of a number of in-progress specifications, and discussed liaisons with partner groups. Here is a summary of the proceedings.

PWG Plenary

The F2F event began with the PWG Plenary session, which had a reduced scope to limit the presentation time. The PWG Chair began with the new PWG Antitrust Policy, which was presented at the start of each session at this F2F, and will be presented at the start of all PWG teleconferences and F2F sessions going forward. We then paused to note the passing of Ron Bergman, a dedicated original member and contributor to many PWG specifications and efforts. The PWG Chair then reviewed the overall state of the PWG, its programs and initiatives, and briefly discussed upcoming face-to-face meeting scheduling. We noted that there are currently 629 printers certified under the PWG's IPP Everywhere™ Self Certification program. We discussed the PWG Steering Committee's activities and initiatives, including progress on Process 4.0, new policies, and recently approved documents. Officers from the IDS Workgroup and IPP Workgroup briefly summarized their Workgroup's status, and PWG Liaison Officers also briefly reported on the status of our partners' work in Linux Foundation OpenPrinting Workgroup, Mopria Alliance, ISO JTC1 WG12, and INCITS.

Complete minutes are available here:

Internet Printing Protocol (IPP) Workgroup

On the first day, Ira McDonald (IPP WG Co-Chair) and Mike Sweet (IPP WG Secretary) surveyed the status of current IPP Workgroup works in progress. The  IPP Everywhere v1.1 Update 2 self-certification tool set was recently approved. The Job Accounting with IPP v1.0 was formally approved on February 5. The status of IPP Driverless Printing Extensions v2.0 was briefly discussed, since a new draft was not yet published and ready for review.

The IPP WG moved on to the Evolution of IPP/2.0 and IPP Everywhere session, where they considered what that means from a versioning point of view and related issues. Some possible solutions to issues with the current IPP Everywhere v1.1 test suite when testing streaming printers were discussed, and how that might impact certification timing.

After a break, we discussed the IPP INFRA Cloud Proxy Registration initiative and related work plans. The scope of the work is likely to trigger an update to IPP Shared Infrastructure Extensions (PWG 5100.18) and IPP System Service (PWG 5100.22). There was much discussion and we didn't complete the topic on that first day, so we made plans to continue the discussion the next day once some schedule changes were made.

On the second day, after the IDS Workgroup session and a break, the group continued the discussion about IPP INFRA Cloud Proxy Registration. We discussed Local Printing, an expanded set of use cases and topologies for release printing, Cloud Scan support, and the need to project more portions of existing SNMP MIBs into the IPP space. We didn't get to IPP Finishings v2.2, but Smith Kennedy informed the group that the next step was to review the normative requirements in the specification and decide on whether the new revision was going to be a minor revision (v2.2) or a major one (v3.0).

On the third day, the IPP Workgroup started with a review of IPP Enterprise Printing Extensions v2.0. The group discussed the "job-password-repertoire" and "job-password-length-supported" that were registered several years ago, and proposed some updates to those. The group committed to continuing the review in the next IPP WG teleconference after the F2F.

After a break, Paul Tykodi led a review of the PWG's 3D Printing liaisons and the guidance we will be providing to our partners. We discussed the competition between different standards and proprietary solutions, and the need to increase the visibility of IPP 3D, particularly in comparison to MT Connect, which is a low-level process-oriented machine control protocol. 3D Scanning and work on an IPP 3D Scan specification was discussed. Since security and privacy are being discussed more in the 3D Printing / Additive Manufacturing community, evangelizing the existing robust security facilities in IPP could help advertise its value. We discussed the value in having an article written to articulate IPP's value to 3D Printing, and will be pursuing this. Work should also be pursued developing the 3D Printing Protection Profile. We concluded the IPP WG sessions with next steps.

Complete minutes are available here:

Imaging Device Security (IDS) Workgroup

At the start of the second day, Alan Sukert (IDS WG Chair) led the IDS Workgroup status and progress discussion. We went through the current status of the weekly HCD iTC meetings held since the last IDS Face-to-Face (F2F) Meeting in November 2020 and the efforts to develop HCD cPP v1.0 and HCD Supporting Document (SD) v1.0. The second internal drafts of the HCD cPP and HCD SD were reviewed by the full HCD iTC – 15 comments were received against the HCD cPP draft and 30 comments were received against the HCD SD draft. All comments were addressed.

Al then led a discussion about the status of HCD iTC work to address a major issue concerning a proposal for managing non-field replaceable non-volatile storage. The proposal was that non-field replaceable non-volatile storage be allowed to store key material in clear text rather than encrypted as long as the HCD had some type of “purge” function that would allow the key material to be deleted when the HCD was ready to be decommissioned or moved to another location. This proposal would be in conflict with the requirement in the Essential Security Requirements (ESR) document approved by the Common Criteria Development Board (CCDB) which states that the HCD shall encrypt user document data and/or the HCD critical data (for confidentiality protection) stored on nonvolatile storage device if it uses nonvolatile storage device for the purpose of storing those data and that storage of initial data of the key chain on the nonvolatile storage device without protection would not meet the requirement. The HCD iTC is still determining the resolution of this issue.

Al discussed the latest status of the HCD iTC’s Network Subgroup. This subgroup is looking at what to do in the HCD cPP/SD for the SFRs and assurance activities for the four secure protocols – IPsec, TLS, SSH and HTTPS, although the subgroup’s charter has recently been expanded to look at additional SFRs and assurance activities for dependencies of the four secure protocols. The group discussed what to do about TLS 1.3 and TLS 1.1. The HCD iTC had hoped to incorporate TLS 1.3 into HCD cPP/SD v1.0 but was waiting to see what the ND iTC did about TLS 1.3 first. It turns out that the ND iTC’s TLS Subgroup is currently stalled because NIAP recently submitted a large set of comments against the latest draft containing TLS 1.3 support, and many of the comments will require time to address. Thus, the likelihood of getting a TLS 1.3 solution from the ND iTC in time for inclusion in HCD cPP/SD 1.0 seems very unlikely at this point.

Ira then covered the latest HCD Security Guidelines status. An updated draft was not published in time to be reviewed at this meeting, but Smith provided updates to the Wi-Fi content in Section 4 and Ira changed much of the guidance in Section 4 as a result. Ira plans to add some material on IPP to Section 4 as well. Ira says he plans to have an update to the HCD Security Guidelines with additions to Section 5 hopefully by the end of March, and a full-content update sometime in Q3 2021.

Finally, Ira gave a Liaison Report on current standards developments for the Trusted Computing Group (TCG), Internet Engineering Task Force (IETF), and Linux Foundation as part of the Plenary Session of the PWG Face-to-Face of which the IDS Session is a part of. Ira's liaison report will become part of the IDS Session going forward since it is mostly focused on security related work in other groups.

Complete minutes are available here:

Next PWG Face-to-Face Meeting

The next PWG Face-to-Face meeting will be held May 4-6, 2021 via Webex teleconference. Be sure to subscribe to the mailing list to receive announcements about upcoming events and event changes or check the PWG Meetings page for updates on plans for upcoming meetings.