RE: IPP> TLS security section of protocol document
"Turner, Randy" <rturner@sharplabs.com> Tue, 03 February 1998 18:53 UTC
Delivery-Date: Tue, 03 Feb 1998 13:53:58 -0500
Return-Path: ipp-owner@pwg.org
Received: from ns.cnri.reston.va.us (cnri [132.151.1.1]) by ns.ietf.org (8.8.7/8.8.7a) with ESMTP id NAA10474 for <ietf-archive@ietf.org>; Tue, 3 Feb 1998 13:53:57 -0500 (EST)
Received: from lists.underscore.com (uscore-2.mv.com [199.125.85.31]) by ns.cnri.reston.va.us (8.8.5/8.8.7a) with ESMTP id NAA09138 for <ietf-archive@cnri.reston.va.us>; Tue, 3 Feb 1998 13:56:36 -0500 (EST)
Received: from localhost (daemon@localhost) by lists.underscore.com (8.7.5/8.7.3) with SMTP id NAA10825 for <ietf-archive@cnri.reston.va.us>; Tue, 3 Feb 1998 13:53:47 -0500 (EST)
Received: by pwg.org (bulk_mailer v1.5); Tue, 3 Feb 1998 13:44:56 -0500
Received: (from daemon@localhost) by lists.underscore.com (8.7.5/8.7.3) id NAA09062 for ipp-outgoing; Tue, 3 Feb 1998 13:06:37 -0500 (EST)
Message-ID: <D10983CAC30DD111B41400805FA6A1C12722CA@admsrvnt02.enet.sharplabs.com>
From: "Turner, Randy" <rturner@sharplabs.com>
To: 'Carl Kugler' <kugler@us.ibm.com>
Cc: "'ipp@pwg.org'" <ipp@pwg.org>
Subject: RE: IPP> TLS security section of protocol document
Date: Tue, 03 Feb 1998 10:03:11 -0800
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1458.49)
Content-Type: text/plain; charset="iso-8859-1"
Sender: ipp-owner@pwg.org
This and other work being considered for credential delegation would be potential solutions but nothing is standards-track (yet), and it is unclear whether anything is being considered for any kind of near-term deployment. If anyone has any other info, please post the DL. I haven't seen any activity on the ietf-tls-apps mailing list either. I just thought a paragraph describing the current situation might be needed in the protocol document, possibly before submission to the IESG for publication as an RFC. Randy -----Original Message----- From: Carl Kugler [SMTP:kugler@us.ibm.com] Sent: Tuesday, February 03, 1998 8:56 AM To: ipp@pwg.org Subject: Re: IPP> TLS security section of protocol document Is the approach in Network Working Group Ari Luotonen Request for Comments: XXXX Netscape Communications Corporation Category: Informational September, 1997 Tunneling SSL through Web Proxy Servers draft-luotonen-ssl-tunneling-03.txt, expires on 9/26/97 being considered for TLS? -Carl ipp-owner@pwg.org on 02/02/98 02:25:38 PM Please respond to ipp-owner@pwg.org @ internet To: ipp@pwg.org @ internet cc: Subject: IPP> TLS security section of protocol document Just a note from the WG meeting in Hawaii... During the discussions of security related matters regarding using multiple HTTP methods at the last meeting, Josh brought up a point that proxies should be no problem with using a new method (such as PRINT) because it would just transparently pass it on through. I'm assuming that proxies do this with all methods the proxy does not recognize (unless some type of method filtering is turned on). This discussion got me thinking about proxies and IPP in general, with my initial conclusion being that we have a problem using TLS for end-to-end security in the presence of proxies. There is currently no standard for delegation of authentication info across proxies ( or any kind of "firewall" type of software). If the IPP client is configured to work with a particular proxy, and the IPP client is attempting communication with a TLS-based printer URI, we might need to indicate in the protocol document that this (and possibly other scenarios) can happen and what the implications of these scenarios might be. My immediate question is do we consider updating the security considerations section of the protocol document prior to IETF last call? Randy
- IPP> TLS security section of protocol document Turner, Randy
- Re: IPP> TLS security section of protocol document Carl Kugler
- RE: IPP> TLS security section of protocol document Turner, Randy
- Re: IPP> TLS security section of protocol document Carl-Uno Manros