IETF Logo Mail Archive

Re: [IPP] IPP Enterprise Printing Extensions: Feature Names and Job Types

"Kennedy, Smith \(Wireless & IPP Standards\) via ipp" <ipp@pwg.org> Mon, 06 January 2020 19:32 UTC

Return-Path: <ipp-bounces@pwg.org>
X-Original-To: ietfarch-ipp-archive@ietfa.amsl.com
Delivered-To: ietfarch-ipp-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 518D11200EB for <ietfarch-ipp-archive@ietfa.amsl.com>; Mon, 6 Jan 2020 11:32:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=hp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZpgkA7F7vsQt for <ietfarch-ipp-archive@ietfa.amsl.com>; Mon, 6 Jan 2020 11:32:44 -0800 (PST)
Received: from mail.pwg.org (mail.pwg.org [50.116.7.199]) by ietfa.amsl.com (Postfix) with ESMTP id 55073120077 for <ipp-archive2@ietf.org>; Mon, 6 Jan 2020 11:32:44 -0800 (PST)
Received: by mail.pwg.org (Postfix, from userid 1002) id 3640526AA; Mon, 6 Jan 2020 19:32:43 +0000 (UTC)
Received: from mail.pwg.org (localhost [IPv6:::1]) by mail.pwg.org (Postfix) with ESMTP id B2233260B; Mon, 6 Jan 2020 19:32:37 +0000 (UTC)
X-Original-To: ipp@pwg.org
Delivered-To: ipp@pwg.org
Received: by mail.pwg.org (Postfix, from userid 1002) id D08BD3AEB; Mon, 6 Jan 2020 19:32:35 +0000 (UTC)
Received: from us-smtp-delivery-162.mimecast.com (us-smtp-delivery-162.mimecast.com [216.205.24.162]) by mail.pwg.org (Postfix) with ESMTPS id AAF90260B for <ipp@pwg.org>; Mon, 6 Jan 2020 19:32:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hp.com; s=mimecast20180716; t=1578339152; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=7CagR9oNCGrFajOZ63G8rTdfIfQ79F5GAHG+tsUVkKQ=; b=aS4xOtMASozD67k2WLGJvaRatRKd5vIZPY+kIg56lAp4HF8R9G37o/wBf494M2uETHSGzM WHYTR/T+lEvDaygUcFLRfFhGlSasxVkFUQs/UtrfnQ99Scmi05AKFvc+EKZZwxZbVSFtPp KGWsHXWf5N4aGKpxHEbDtEin4e97qh0=
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-sn1nam04lp2058.outbound.protection.outlook.com [104.47.44.58]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-297-Gv6AMMhkNCuQ-U_Gpz9IxA-1; Mon, 06 Jan 2020 14:32:28 -0500
X-MC-Unique: Gv6AMMhkNCuQ-U_Gpz9IxA-1
Received: from CS1PR8401MB0726.NAMPRD84.PROD.OUTLOOK.COM (10.169.15.23) by CS1PR8401MB1191.NAMPRD84.PROD.OUTLOOK.COM (10.169.13.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.12; Mon, 6 Jan 2020 19:32:27 +0000
Received: from CS1PR8401MB0726.NAMPRD84.PROD.OUTLOOK.COM ([fe80::1b2:a9eb:ebc0:ca95]) by CS1PR8401MB0726.NAMPRD84.PROD.OUTLOOK.COM ([fe80::1b2:a9eb:ebc0:ca95%7]) with mapi id 15.20.2602.015; Mon, 6 Jan 2020 19:32:27 +0000
To: Willem Groenewald <willem.groenewald@papercut.com>
Thread-Topic: [IPP] IPP Enterprise Printing Extensions: Feature Names and Job Types
Thread-Index: AQHVtcZJCrAIJaBxukqKJ9ypQZzT4Kfc1lMAgAFOLIA=
Date: Mon, 06 Jan 2020 19:32:26 +0000
Message-ID: <864A65F8-413C-42A2-80EB-0BCF903357E7@hp.com>
References: <7FAD4B6B-056C-4025-91C2-E7FECEA2D1B6@hp.com> <CAHnR74KtGhF1fTA3xvMrRzuzy7y=8ctDazi4Y5Sj7_F5FoS51g@mail.gmail.com>
In-Reply-To: <CAHnR74KtGhF1fTA3xvMrRzuzy7y=8ctDazi4Y5Sj7_F5FoS51g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=smith.kennedy@hp.com;
x-originating-ip: [66.232.89.139]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 928382db-61be-4d3f-0ac0-08d792df29ab
x-ms-traffictypediagnostic: CS1PR8401MB1191:
x-microsoft-antispam-prvs: <CS1PR8401MB11919311D9F2946FEDCD12929E3C0@CS1PR8401MB1191.NAMPRD84.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 0274272F87
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(136003)(376002)(396003)(366004)(346002)(6602003)(51914003)(189003)(199004)(54906003)(316002)(478600001)(6506007)(53546011)(19273905006)(66616009)(66946007)(66446008)(64756008)(81156014)(5660300002)(66476007)(86362001)(76116006)(36756003)(66556008)(966005)(81166006)(8936002)(91956017)(8676002)(33656002)(2616005)(6486002)(6512007)(6916009)(2906002)(186003)(71200400001)(4326008)(26005); DIR:OUT; SFP:1102; SCL:1; SRVR:CS1PR8401MB1191; H:CS1PR8401MB0726.NAMPRD84.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: BQrQEnj3lpOZz+C+1nA9q05mieXRrObBixsfIESqPtYjeS+CFk96R/i9JK5mvWNaNn7oDN6shMN/swReqXAzk1iRyPgju+HTk9UWjsj6W5bdoYT/1ozQ6HKhVm++lb/AWukvRS+vfDuEHXdzpuJYnkvtQSoZCL1OXtTpq6ZKAWF00EC+J7Jz2B4oN3lcm9kWSG4loikR2VUg3lP3wT24Crey2tLRap+N7lb3pWTHHrIrOO8PvNc4p/q2TSDrmJrn8RYAnIecaVpq7RlhMkKZ5ng+rM/bc4eDAQmCZtukkN7ToEe2P5b355fI4gtoOYrZ519k6XYgnBc1i0zoJERWej/rOxmOoooYLcT+zKc4U3GFoSp9tamdOWbaosPR+LESPQ87AjVoNKY9AnIR2X5WlULJ/QOg0IqO/Nd9nEx5S94ztMCdOEIqwNyG/QZJIQB0wnZUFteHtAJHM62mTcoYt3WvczoiKLJZW1U3N1q+j72nRDppkC4YIoWTl6B5McCuAm29WUhlq/IrZjjM1NjN1b3DGsysW8tyRyK521GiWjprhHXMIdmmWiQGnAE3GU6T
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: hp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 928382db-61be-4d3f-0ac0-08d792df29ab
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jan 2020 19:32:26.8663 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ca7981a2-785a-463d-b82a-3db87dfc3ce6
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: NZfm5LpNBI266a0TNbXkpS0+QQV4Z7QY+hbqLiY1UBLTfo8TwEs3UWe11CzTPpu0754/97LR/49VvwQTEOhR8Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CS1PR8401MB1191
X-Mimecast-Spam-Score: 0
Cc: PWG IPP WG Reflector <ipp@pwg.org>, Behzad Mozaffari <behzad.mozaffari@papercut.com>, Chris Dance <chris.dance@papercut.com>
Subject: Re: [IPP] IPP Enterprise Printing Extensions: Feature Names and Job Types
X-BeenThere: ipp@pwg.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: ISTO-PWG Internet Printing Protocol workgroup discussion forum <ipp.pwg.org>
List-Unsubscribe: <https://www.pwg.org/mailman/options/ipp>, <mailto:ipp-request@pwg.org?subject=unsubscribe>
List-Archive: <http://www.pwg.org/pipermail/ipp/>
List-Post: <mailto:ipp@pwg.org>
List-Help: <mailto:ipp-request@pwg.org?subject=help>
List-Subscribe: <https://www.pwg.org/mailman/listinfo/ipp>, <mailto:ipp-request@pwg.org?subject=subscribe>
From: "Kennedy, Smith (Wireless & IPP Standards) via ipp" <ipp@pwg.org>
Reply-To: "Kennedy, Smith (Wireless & IPP Standards)" <smith.kennedy@hp.com>
Content-Type: multipart/mixed; boundary="===============2437627970188038730=="
Errors-To: ipp-bounces@pwg.org
Sender: ipp <ipp-bounces@pwg.org>

Hi Willem,

Thanks for the feedback! Replies below.

Smith

/**
    Smith Kennedy
    HP Inc.
*/

> On Jan 5, 2020, at 4:36 PM, Willem Groenewald <willem.groenewald@papercut.com> wrote:
> 
> Hi Smith
> 
> Apologies for the delay, just returned from leave.
> 
> Here are a few comments on the naming (probably more "thoughts" to spark some thinking):
> 
> 1) The use-cases and flows around "Password Protected Job" and "User Credential Protected Job" are very similar.  The names should be related.  e.g. both are "release" and path "protect" the job.  It's the means of protection that are changing.  Hence we'd recommend having very similar names.  If you're keen to add the word "release", we'd suggest making sure this also exists on the password protected job too.

Mike Sweet earlier responded with a similar suggestion that I name them "Release Printing", so I'm going to go with that in the next revision, that I'm working on currently.

> 
> 2) We've taken a look at the draft of the Enterprise Printing Extensions v2.0 w.r.t these mentioned features, and would love an opportunity to dive a little deeper around security. Some immediate thoughts from a quick look, that may or may not have been considerer, are:
> The use of hashing methods that are no longer considered "secure".  Would it make sense for a standard released in 2020 include these as options?
> Requiring these features to be available over TLS connections
> Have downgrade (or reply) attacks been considered?
These are all very good questions, but require some explanation. Let's see how I do here and if you have more questions, we can continue to discuss.

This IPP Enterprise Printing Extensions v2.0 is a v2.0 because it is a refactoring and renaming of the PWG 5100.11-2010 (IPP Job and Printing Extensions - Set 2 (JPS2)) specification that dates to 2010.

The "job-password" and "job-password-encryption" attributes originated in that spec. When I worked on adding the "job-password-repertoire" registration in 2015, that registration deprecated a number of the "job-password-encryption" methods and added newer ones. We deprecated MD2, MD4, MD5 and SHA1. In the PWG, "deprecated" means that Printers SHOULD NOT support them, and operators SHOULD NOT use them if they are supported by one of their printers. We have yet to obsolete them out of concern for backward compatibility, but it has now been 4 years. If you are suggesting that we obsolete these in IPP Enterprise Printing Extensions v2.0, I think we should consider it in the IPP WG. Are there others you think should be deprecated or added?

I don't think we can require TLS when "job-password" is used without breaking backward compatibility. I personally think TLS ought to be required by all Printers deployed in the field. Some of this comes down to a delta between conformance requirements and deployment policy.

When you ask about downgrade or replay attacks (you meant "replay", not "reply", right?), can you be more specific about your concerns?


> Cheers,
> 
> Chris & Bez in the PaperCut Dev Team (plus now Willem)
> 
> 
> 
> On Thu, 19 Dec 2019 at 04:12, Kennedy, Smith (Wireless & IPP Standards) via ipp <ipp@pwg.org <mailto:ipp@pwg.org>> wrote:
> Hi there,
> 
> I'm in the process of producing a new draft of IPP Enterprise Printing Extensions v2.0 (EPX) and I'm trying to nail down the "feature names" and "job types" for the several features defined therein.
> 
> What I have thus far is this:
> 
> Job Password
>         • Feature: Password Job Protection
>         • Job Type: Password Protected Job
>         • Use Case: Protecting a Job with a Password
> 
> Job Storage
>         • Feature: Job Storage
>         • Job Type: Stored Job
>         • Use Case: Storing a Job for Later Reprinting, Reprinting a Stored Job
> 
> Proof Print
>         • Feature: Proof Print
>         • Job Type: Proof Job
>         • Use Case: Proof Printing
> 
> Authenticated Release
>         • Feature: Authenticated Release? Credential Job Protection?
>         • Job Type: User Credential Protected Job?
>         • Use Case: Protecting a Job with User Authentication Credentials
> 
> Any feedback on any of these labels? Thanks for any help!
> 
> Smith
> 
> /**
>     Smith Kennedy
>     HP Inc.
> */
> 
> _______________________________________________
> ipp mailing list
> ipp@pwg.org <mailto:ipp@pwg.org>
> https://www.pwg.org/mailman/listinfo/ipp <https://www.pwg.org/mailman/listinfo/ipp>
> 
> 
> --
> Willem Groenewald
> Product Owner
>  <http://www.papercut.com/>
> mob:  +61 439 584 646
> web:    www.papercut.com <http://www.papercut.com/>
> 
>  <https://twitter.com/papercutdev>   <https://facebook.com/papercutsoftware>   <http://www.linkedin.com/company/papercut-software>   <https://google.com/+PaperCutSoftware>   <https://youtube.com/papercutsoftware>
> 
> Please consider the environment before printing this email... or install PaperCut and let it do the considering for you!


_______________________________________________
ipp mailing list
ipp@pwg.org
https://www.pwg.org/mailman/listinfo/ipp

v2.23.0 | Report a Bug | By Email