IPP Mail Archive: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Manros, Carl-Uno B (cmanros@cp10.es.xerox.com)
Mon, 12 Apr 1999 10:18:24 -0700

Paul & Hugo,

Voting for use of SSL3 rather than TLS is not politically correct in the
IETF.
Hence, voting for SSL3 means that you don't want to have an IETF standard.
The IPP WG is tasked to produce an IETF standard.

Carl-Uno

> -----Original Message-----
> From: Hugo Parra [mailto:HPARRA@novell.com]
> Sent: Monday, April 12, 1999 8:33 AM
> To: paulmo@microsoft.com; masinter@parc.xerox.com
> Cc: cmanros@cp10.es.xerox.com; mike@easysw.com; ipp@pwg.org
> Subject: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest
> Authentication
>
>
> I second this.
> -Hugo
>
> >>> Paul Moore <paulmo@microsoft.com> 04/09/99 06:01PM >>>
> Basic and SSL work fine for me. It has the following benefits:
> 1. It works
> 2. It's secure
> 3. Any reasonable client supports it
> 4. Any reasonable server supports it.
>
>
> -----Original Message-----
> From: Larry Masinter [mailto:masinter@parc.xerox.com]
> Sent: Friday, April 09, 1999 4:13 PM
> To: Paul Moore
> Cc: IETF-IPP; 'Manros, Carl-Uno B'; Michael Sweet
> Subject: RE: IPP> Re: PRO - Issue 32: Use of Basic & Digest
> Authentication
>
>
> > I don't think that I said anything about not paying attention to security.
> > I will remind you that I was the only one with working SSL3
> > implementations on client and server at the recent bake-off. I am very
> > concerned about it.
> >
> > I was commenting that Carl-Uno's flowchart did not analyse the pros and
> > cons of the various security choices; it merely said (and I paraphrase
> > somewhat) "We better do this because we won't get an RFC if we don't".
> > I.e. "even if it sucks we'll do it anyway". BTW I'm not suggesting that
> > anything does suck either, merely that being asked to turn my brain off
> > to all logic other than getting an RFC seemed too much.
>
> But we've heard repeatedly that the requirement for "getting an RFC"
> is to come up with a plan for securing printers that makes sense.
> Keith wrote:
>
> "The bottom line is that IPP will not get a standard out of IETF
> unless it provides a minimum level of security."
>
> To continue to characterize this simple and sensible requirement
> as "turn my brain off" is, well, turning off your brain.
>
> If the proposal for "a minimum level of security" via Digest
> authentication doesn't work for you, then propose something else
> that provides a minimum level of security. Saying "well, only
> implementing Basic Authentication is OK" doesn't provide a minimum
> level of security, so it's not OK. I don't know why this is
> so hard.
>
> Larry
>