[IPP] Historical exclusion of authentication for Get-Printer-Attributes
Michael Sweet via ipp <ipp@pwg.org> Fri, 14 January 2022 02:11 UTC

[This documents behavior that goes back to RFC 2566 - Internet Printing Protocol/1.0: Model and Semantics]

The Get-Printer-Attributes operation is unique in that it does not support authentication of any kind. The primary reason for this is that it is needed for discovering the supported URIs, security, and authentication methods for the Printer via the "printer-uri-supported", "printer-xri-supported", "uri-authentication-supported", and "uri-security-supported" attributes. A secondary reason is that the corresponding SNMP Printer MIB elements are likewise available without authentication.

Unfortunately, when we updated RFC 2911 (what became RFC 8011 and STD 92) we forgot to explicitly call this out, instead relying on the historical omission of any "access rights" paragraph in the definition of the Get-Printer-Attributes operation. All other operations in RFC 2566/2911/8011 provide (directly or indirectly) a statement about the users that are allowed to send the operation, whose identity comes from the "most authenticated" source. While the Get-Printer-Attributes description is silent on this, every IPP implementation since IPP/1.0 has allowed Get-Printer-Attributes requests without authentication in order to allow Clients to discover Printers, and the major IPP-based driverless printing standards (AirPrint, IPP Everywhere, Mopria, Wi-Fi Direct Printing) all depend on it.

Several years ago we defined a new Get-User-Printer-Attributes operation that performs the same query as Get-Printer-Attributes but that explicitly allows authentication in order to filter Printer capabilities based on the most authenticated user identity and whatever policy is in effect on the Printer.

________________________
Michael Sweet
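
The discovery step described in the message above, as an added example that is not part of the original message or of any PWG code: it encodes an unauthenticated Get-Printer-Attributes request and pairs each advertised URI with its authentication and security keywords, which is what an administrator would review to see what a Printer exposes. The function names, the printer.example host and the sample response are assumptions constructed for illustration.

```python
import struct

GET_PRINTER_ATTRIBUTES, TAG_OPERATION, TAG_END, TAG_PRINTER = 0x000B, 0x01, 0x03, 0x04
TAG_KEYWORD, TAG_URI, TAG_CHARSET, TAG_LANG = 0x44, 0x45, 0x47, 0x48
WANTED = ("printer-uri-supported", "uri-authentication-supported", "uri-security-supported")

def attr(tag, name, *values):
    """Encode one attribute; extra values of a 1setOf carry a zero-length name."""
    out = b""
    for i, v in enumerate(values):
        n = name.encode() if i == 0 else b""
        out += struct.pack(">BH", tag, len(n)) + n + struct.pack(">H", len(v)) + v.encode()
    return out

def message(code, group_tag, body, request_id=1):
    """IPP/2.0 header, one attribute group, end-of-attributes tag."""
    return struct.pack(">BBHI", 2, 0, code, request_id) + bytes([group_tag]) + body + bytes([TAG_END])

def build_request(printer_uri):
    """Get-Printer-Attributes body for an HTTP POST that carries no credentials."""
    return message(GET_PRINTER_ATTRIBUTES, TAG_OPERATION,
                   attr(TAG_CHARSET, "attributes-charset", "utf-8")
                   + attr(TAG_LANG, "attributes-natural-language", "en")
                   + attr(TAG_URI, "printer-uri", printer_uri)
                   + attr(TAG_KEYWORD, "requested-attributes", *WANTED))

def parse_response(msg):
    """Return (status-code, {attribute name: [values as text]})."""
    status, attrs, name, pos = struct.unpack_from(">H", msg, 2)[0], {}, None, 8
    while pos < len(msg) and msg[pos] != TAG_END:
        tag, pos = msg[pos], pos + 1
        if tag < 0x10:                      # delimiter tag: a new attribute group begins
            continue
        nlen = struct.unpack_from(">H", msg, pos)[0]
        if nlen:                            # zero length means another value of `name`
            name = msg[pos + 2:pos + 2 + nlen].decode()
        pos += 2 + nlen
        vlen = struct.unpack_from(">H", msg, pos)[0]
        attrs.setdefault(name, []).append(msg[pos + 2:pos + 2 + vlen].decode(errors="replace"))
        pos += 2 + vlen
    return status, attrs

def endpoints(attrs):
    """Pair the i-th URI with the i-th authentication and security keyword."""
    return list(zip(*(attrs[n] for n in WANTED)))

# Constructed sample response, not captured from a real Printer; printer.example is a placeholder.
SAMPLE = message(0x0000, TAG_PRINTER,
                 attr(TAG_URI, WANTED[0], "ipp://printer.example/ipp/print", "ipps://printer.example/ipp/print")
                 + attr(TAG_KEYWORD, WANTED[1], "none", "basic") + attr(TAG_KEYWORD, WANTED[2], "none", "tls"))
```

Calling endpoints(parse_response(SAMPLE)[1]) lists one row per URI, so an entry whose keywords are both "none" stands out during a configuration review.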