IPP Mail Archive: IPP> PRO - Issue 32: Use of Basic & Digest Authentication

Manros, Carl-Uno B (cmanros@cp10.es.xerox.com)
Tue, 6 Apr 1999 16:59:41 -0700

The current IPP/1.1 text says under Security Considerations:

7. Security Considerations

"The IPP Model document defines an IPP implementation with "authentication"
as one that implements the standard way for transporting IPP messages within
HTTP 1.1. These include the security considerations outlined in the HTTP 1.1
standard document [rfc2068] and Digest Access Authentication extension
[rfc2069]."

There are several problems with this paragraph.

1) It states that the Model document "implements the standard way for
transporting IPP messages within HTTP 1.1", which is not true.

2) The wording does not make it clear that IPP implementations MUST support
the security features in RFC 2069.

3) Those of you who have been in the WG long enough are sure to remember
that Keith Moore's condition for accepting a SHOULD for TLS was that Digest
is a MUST fallback that all implementations have to implement, so I think we
are only talking about fixing the wording in our document.

Proposed solution: As the HTTP WG is deprecating the Basic Authentication
feature, it does not make sense to mandate that, but we still have to make
it clear that support for Digest Authentication is a MUST for all IPP
clients and printers (unless you want to make TLS a MUST for everybody) in
IPP/1.1.

Carl-Uno

Carl-Uno Manros
Principal Engineer - Xerox Architecture Center - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com