IFX Mail Archive: IFX> RE: IPPGet

IFX Mail Archive: IFX> RE: IPPGet

IFX> RE: IPPGet

From: McDonald, Ira (imcdonald@sharplabs.com)
Date: Thu Jul 24 2003 - 12:32:56 EDT

  • Next message: Gail Songer: "IFX> IPPFAX July 30 Phone conference"

    Hi Gail,

    HTTP/1.1 Digest Authentication (in RFC 2617) would be plausibly
    sufficient for IPPFAX Sender authentication.

    NOTE - HTTP/1.1 Digest requires that both the Sender and
    Receiver have pre-configured knowledge of a shared secret
    (the "password"). That seems to be less public Internet
    friendly than certificate-based authentication, to me.

    So Digest would work for pre-configured Senders, although a
    TLS session is still necessary to maintain data integrity
    (i.e., Digest w/out TLS is not helpful).

    If the IPPFAX use model is GSTN fax-like, then Digest is
    insufficient. If the IPPFAX use model is for pairs of
    cooperating businesses or end users, then Digest plus
    TLS Receiver authentication (certificate-based) is OK.

    Cheers,
    - Ira

    -----Original Message-----
    From: Gail Songer [mailto:gail.songer@peerless.com]
    Sent: Wednesday, July 23, 2003 6:43 PM
    To: McDonald, Ira
    Cc: ifx@pwg.org
    Subject: IPPGet

    Ira,

    The IPPFax protocol spec allows for other methods of authentication. Table
    10 requires a Sender to support and use digest authentication. (Actually,
    the requirements for the sender seem kind of confusing....) Would Digest be
    sufficient to authenticate the user to retrieve subscription information?
                 

    Ippget: Ira believes that a sender needs to be authenticated to retrieve
    subscription data and matching "requesting-user-name" is not
    sufficient(especially for IPPFax). We discussed requiring Sender side TLS
    authentication. Gail believes that this would limit the usability (how many
    clients are really going to have certificates?). Relaxed the requirement
    for IPPGet notifications to just requiring notifications.



    This archive was generated by hypermail 2b29 : Thu Jul 24 2003 - 12:33:07 EDT