Re: [IPP] Requiring authentication for all IPP operations with "cloud" Infrastructure printer
"Kennedy, Smith (Wireless & IPP Standards) via ipp" <ipp@pwg.org> Fri, 12 November 2021 21:01 UTC
To: Michael Sweet <msweet@msweet.org>
Date: Fri, 12 Nov 2021 21:01:25 +0000
Message-ID: <4CDE601A-F0AF-4929-9B8A-B1308559D0D4@hp.com>
References: <0446E67E-3B0F-442B-B51E-ED7966C71E82@hp.com>
<C1D8E8B0-614C-41AE-AAA3-23AECA70927E@msweet.org>
<9DDE6032-F733-4540-99C7-D2F5A13766EA@hp.com>
<0AFEFF7B-526F-4DE5-9F5C-2C91ABD717BA@msweet.org>
<BD403A4C-D49F-4203-AC89-D458D598B9FA@hp.com>
<CAN40gSs4OB441bZVYmx4T-VkCRqOiZScnGYHXZB3xkE1vzZMKA@mail.gmail.com>
<77D30945-1B08-4954-BA1F-D66CB9A32B2C@hp.com>
<12D1CCDB-B619-49B4-8209-4FABDA20887C@msweet.org>
In-Reply-To: <12D1CCDB-B619-49B4-8209-4FABDA20887C@msweet.org>
Cc: PWG IPP WG Reflector <ipp@pwg.org>
Subject: Re: [IPP] Requiring authentication for all IPP operations with "cloud" Infrastructure printer
From: "Kennedy, Smith \(Wireless & IPP Standards\) via ipp" <ipp@pwg.org>
Reply-To: "Kennedy, Smith \(Wireless & IPP Standards\)" <smith.kennedy@hp.com>
Hi Mike,

> On Nov 12, 2021, at 11:34 AM, Michael Sweet <msweet@msweet.org> wrote:
>
> Smith,
>
>> On Nov 12, 2021, at 12:49 PM, Kennedy, Smith (Wireless & IPP Standards) <smith.kennedy@hp.com> wrote:
>>
>> Hi Ira,
>>
>> As you suggested, I've added the IPP Workgroup reflector to the list of recipients to bring this sidebar discussion into the forum without having to start from scratch.
>>
>>> I do agree that it's not desirable that IPP Infrastructure Printers should
>>> accept anything except Get-Printers w/out TLS security.
>>
>> If an Infrastructure Printer object is supposed to be available on the Internet but for "private use only", how does that work given the legacy Get-Printer-Attributes use precedent?
>
> OK, some (hopefully obvious) observations:
>
> 0. We need to separate the notion of legal access and protocol access to a service.
> 1. A service that accepts connections over the Internet is, by definition, publicly accessible at the protocol level.
> 2. Get-Printer-Attributes (and Get-System-Attributes) allow a Client to determine the *legal* access permissions. So protocol access == YES and legal access == YES for Get-Printer-Attributes and Get-System-Attributes.
> 3. All other operations enforce the legal access permissions. So protocol access == YES but legal access == MAYBE (may require authentication).

If Get-Printer-Attributes and Get-System-Attributes are always legally accessible, then it seems to me that all of the Printer's Printer Description attributes and/or System's System Description attributes have to be "safe", i.e. free of PII and not confidential. And we need to clearly assert that somewhere so that we can point to that assertion.

>
>> What should the response be from the "System Service" or other process actually hosting the IPP Printer object? HTTP 404? Or an IPP layer equivalent? I'm not sure we ever considered this use case in 5100.18.
>
> HTTP 200 OK with the full set of attributes and values.
>
>> At the very least, we need to have a statement / paper prepared that provides guidance to Infrastructure Printer implementors to the critique that a Get-Printer-Attributes does not constitute either a security or a privacy risk. If each cloud / Infrastructure Printer hosting provider does something different, that makes it very difficult for client implementations to support in any consistent way.
>
> It makes sense to add a discussion of Get-Printer-Attributes to the IPP/2.x update and log an issue against PWG 5100.22 for Get-System-Attributes. We might also include references to this in 5100.18.

I think from the point of view of a vendor or service provider that owns or manages a publicly accessible IPP Printer object, I would want a clear and confidently stated statement that this is by design and doesn't represent an attack surface so long as the set of Printer Description / Printer Status attributes are "safe", so that if we get scrutinized by someone claiming a security concern, we can reference the PWG clauses and say "works as expected".

>
> ________________________
> Michael Sweet
_______________________________________________ ipp mailing list ipp@pwg.org https://www.pwg.org/mailman/listinfo/ipp
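The policy the thread converges on (Get-Printer-Attributes and Get-System-Attributes always answered with HTTP 200 OK, every other operation gated on authentication, and only "safe" non-PII attributes published to anonymous Internet Clients) can be expressed as a small authorization gate. The code below is an added example written for this archive page; it is not code from the PWG, from CUPS, or from any participant in the thread. Operation names and the `uri-authentication-supported` / `uri-security-supported` attributes come from RFC 8011 and PWG 5100.22; the decision rules, the HTTP status codes chosen for denials (426 for cleartext, 401 for missing or rejected credentials), the attribute allowlist, the `authenticate` callback, and the sample Printer data (including the hypothetical `x-owner-email` attribute) are all this example's own assumptions.

```python
"""Added example, not code from the PWG IPP thread: an authorization gate for an
Infrastructure Printer endpoint that implements the protocol-access versus
legal-access split described in observations 0-3. Operation and attribute names
are from RFC 8011 / PWG 5100.22; the policy itself, the HTTP status codes chosen
for denials, and the attribute allowlist are this example's assumptions."""

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Observation 2: these operations are always legally accessible, so a Client can
# learn the Printer's access rules (uri-authentication-supported etc.) from them.
DISCOVERY_OPERATIONS = frozenset({"Get-Printer-Attributes", "Get-System-Attributes"})

# Attributes considered "safe" to return to an anonymous Internet Client: no PII,
# nothing confidential. Assumption: each deployment curates its own list.
SAFE_ATTRIBUTE_ALLOWLIST = frozenset({
    "printer-name", "printer-uri-supported", "uri-authentication-supported",
    "uri-security-supported", "ipp-versions-supported", "operations-supported",
    "document-format-supported", "printer-state", "printer-state-reasons",
    "printer-is-accepting-jobs", "charset-supported", "natural-language-supported",
})

# IPP status codes from RFC 8011 (successful-ok and the two authentication errors).
IPP_OK = 0x0000
IPP_NOT_AUTHENTICATED = 0x0402
IPP_NOT_AUTHORIZED = 0x0403


@dataclass
class IppRequest:
    operation: str
    over_tls: bool
    credential: Optional[str] = None   # raw credential presented, None if absent


@dataclass
class IppDecision:
    http_status: int
    ipp_status: int
    attributes: Dict[str, object] = field(default_factory=dict)
    reason: str = ""


def scrub_unsafe_attributes(attrs: Dict[str, object]) -> Tuple[Dict[str, object], List[str]]:
    """Keep only allowlisted attributes and report what was dropped, so an
    operator can audit what the anonymous Get-Printer-Attributes response exposes."""
    safe = {name: value for name, value in attrs.items() if name in SAFE_ATTRIBUTE_ALLOWLIST}
    dropped = sorted(set(attrs) - set(safe))
    return safe, dropped


def authorize(req: IppRequest,
              printer_attrs: Dict[str, object],
              authenticate: Callable[[str], Optional[str]],
              permitted_users: frozenset) -> IppDecision:
    """Protocol access is already YES (the connection was accepted); this decides
    legal access. `authenticate` maps a credential to a user name, or None."""
    if req.operation in DISCOVERY_OPERATIONS:
        # Observation 2 and the answer in the thread: HTTP 200 OK with the (safe)
        # attributes, with no TLS or credential required.
        safe, dropped = scrub_unsafe_attributes(printer_attrs)
        return IppDecision(200, IPP_OK, safe,
                           f"discovery operation; {len(dropped)} unsafe attribute(s) withheld")
    if not req.over_tls:
        # Assumption: non-discovery operations are refused on cleartext HTTP.
        return IppDecision(426, IPP_NOT_AUTHORIZED, reason="TLS required")
    if req.credential is None:
        # HTTP 401 is what prompts a Client to retry with credentials.
        return IppDecision(401, IPP_NOT_AUTHENTICATED, reason="authentication required")
    user = authenticate(req.credential)
    if user is None:
        return IppDecision(401, IPP_NOT_AUTHENTICATED, reason="credential rejected")
    if user not in permitted_users:
        # Authenticated, but not allowed on this "private use only" Printer.
        return IppDecision(200, IPP_NOT_AUTHORIZED, reason=f"{user} not permitted")
    return IppDecision(200, IPP_OK, reason=f"{user} authorized for {req.operation}")


# --- constructed sample deployment (not real Printer data) --------------------
SAMPLE_PRINTER_ATTRS = {
    "printer-name": "lobby-mfp",
    "printer-uri-supported": ["ipps://printer.example.net/ipp/print"],
    "uri-authentication-supported": ["basic"],
    "uri-security-supported": ["tls"],
    "operations-supported": ["Get-Printer-Attributes", "Print-Job", "Get-Jobs"],
    "x-owner-email": "someone@example.net",   # hypothetical PII attribute; must not leak
}
SAMPLE_USERS = {"token-abc": "smith", "token-guest": "guest"}   # constructed credentials
PERMITTED = frozenset({"smith"})


def sample_authenticate(cred: str) -> Optional[str]:
    return SAMPLE_USERS.get(cred)


def run_samples() -> List[IppDecision]:
    reqs = [
        IppRequest("Get-Printer-Attributes", over_tls=False),
        IppRequest("Print-Job", over_tls=False),
        IppRequest("Print-Job", over_tls=True),
        IppRequest("Print-Job", over_tls=True, credential="bogus"),
        IppRequest("Print-Job", over_tls=True, credential="token-guest"),
        IppRequest("Print-Job", over_tls=True, credential="token-abc"),
    ]
    return [authorize(r, SAMPLE_PRINTER_ATTRS, sample_authenticate, PERMITTED) for r in reqs]


if __name__ == "__main__":
    for d in run_samples():
        print(d.http_status, hex(d.ipp_status), d.reason, sorted(d.attributes))
```

The point of `scrub_unsafe_attributes` returning the dropped names is operational: the "safe" assertion the thread asks for only holds if someone can check, per deployment, that the anonymous Get-Printer-Attributes response contains nothing beyond the curated allowlist.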