IPP Mail Archive: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP Mail Archive: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Michael Sweet (mike@easysw.com)
Fri, 09 Apr 1999 13:18:45 -0400

Keith Moore wrote:
>
> > > 1) Both Basic and Digest are OPTIONAL for use with HTTP/1.1
> > > ...
> >
> > Then may I respectfully suggest that we make them OPTIONAL for IPP
> > as well? If the IETF approves the HTTP/1.1 with that wording,
> > then certainly IPP/1.1 will get approved...
>
> Nope. HTTP and IPP are different problem spaces. The need for
> authentication in IPP has nothing to do with the need for
> authentication in HTTP.

Given that HTTP supports a much broader range of applications than
IPP, I'm not sure I understand your logic here. Granted, you can
tie up a printer by sending an unauthorized print job, but how is
that different in severity to cracking a system through POST/PUT
operations?

Mandatory authentication only provides protection against unwanted
print jobs; it doesn't prevent other types of DoS attacks.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike@easysw.com
Printing Software for UNIX                       http://www.easysw.com