IETF Logo Mail Archive

Re: IPP> TLS security section of protocol document

Carl Kugler <kugler@us.ibm.com> Tue, 03 February 1998 17:22 UTC

Delivery-Date: Tue, 03 Feb 1998 12:22:57 -0500
Return-Path: ipp-owner@pwg.org
Received: from ns.cnri.reston.va.us (cnri [132.151.1.1]) by ns.ietf.org (8.8.7/8.8.7a) with ESMTP id MAA08390 for <ietf-archive@ietf.org>; Tue, 3 Feb 1998 12:22:56 -0500 (EST)
Received: from lists.underscore.com (uscore-2.mv.com [199.125.85.31]) by ns.cnri.reston.va.us (8.8.5/8.8.7a) with ESMTP id MAA08398 for <ietf-archive@cnri.reston.va.us>; Tue, 3 Feb 1998 12:25:36 -0500 (EST)
Received: from localhost (daemon@localhost) by lists.underscore.com (8.7.5/8.7.3) with SMTP id MAA08486 for <ietf-archive@cnri.reston.va.us>; Tue, 3 Feb 1998 12:22:50 -0500 (EST)
Received: by pwg.org (bulk_mailer v1.5); Tue, 3 Feb 1998 12:11:33 -0500
Received: (from daemon@localhost) by lists.underscore.com (8.7.5/8.7.3) id LAA07670 for ipp-outgoing; Tue, 3 Feb 1998 11:55:53 -0500 (EST)
From: Carl Kugler <kugler@us.ibm.com>
To: ipp@pwg.org
Subject: Re: IPP> TLS security section of protocol document
Message-ID: <5030100017003897000002L072*@MHS>
Date: Tue, 03 Feb 1998 11:55:39 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Sender: ipp-owner@pwg.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.ietf.org id MAA08390

Is the approach in

  Network Working Group                                      Ari Luotonen
  Request for Comments: XXXX          Netscape Communications Corporation
  Category: Informational                                 September, 1997

                Tunneling SSL through Web Proxy Servers

 draft-luotonen-ssl-tunneling-03.txt, expires on 9/26/97

being considered for TLS?

  -Carl



ipp-owner@pwg.org on 02/02/98 02:25:38 PM
Please respond to ipp-owner@pwg.org @ internet
To: ipp@pwg.org @ internet
cc:
Subject: IPP> TLS security section of protocol document



Just a note from the WG meeting in Hawaii...

During the discussions of security related matters regarding using
multiple
HTTP methods at the last meeting, Josh brought up a point that proxies
should be no problem with using a new method (such as PRINT) because it
would just transparently pass it on through. I'm assuming that proxies
do this with all methods the proxy does not recognize (unless some type
of method filtering is turned on).

This discussion got me thinking about proxies and IPP in general, with
my initial conclusion being that we have a problem using TLS for
end-to-end security in the presence of proxies. There is currently no
standard for delegation of authentication info across proxies ( or any
kind of "firewall" type of software). If the IPP client is configured to
work with a particular proxy, and the IPP client is attempting
communication with a TLS-based printer URI, we might need to indicate in
the protocol document that this (and possibly other scenarios) can
happen and what the implications of these scenarios might be.

My immediate question is do we consider updating the security
considerations section of the protocol document prior to IETF last call?

Randy

v2.23.0 | Report a Bug | By Email