Minutes of IPP Security Conference call - 4/24/97

Participants: Roger deBry, Keith Carter, Carl-Uno Manros (and
Xerox team - Daniel, Steve, John), Keith Carter, Jerry Hadsell,
Steve Zilles

Carl-Uno reviewed an internal meeting held at Xerox where Dave Crocker,
a long time IETF person, participated in a security discussion. Key
points that came out of the Xerox meeting were

o Need to limit the scope of IPP security to problems that are
  solvable with current or close in technology.  Specifically
  need to exclude secure print by reference from the current scope.
  No work going on in the ietf which will solve this problem.

o Defined four levels of security.
  - No security at all
  - Privacy only, within a trusted environment
  - Client authentication only, mainly for authorization
  - Mutual authentication and privacy, only for highest security

o Some threats are not important enough to try to solve. Others can
  be solved without additional specific security mechanisms. Spamming
  was given as an example of a threat that could easily be solved
  without requiring a specific security mechanism in IPP.

o Two places were mentioned where we would like to see the ietf security
  work:
  - authorization
  - key management

o Two approaches to security were discussed
  - Channel level security
  - Object level security

o There was some discussion on the use of Mime types for IPP.
  Dave Crocker thought that this was a useful idea. Mimes can be
  encrypted and signed. There was also some discussion on the call
  on creating unique mime types for each pdl. We concluded that this
  was a good idea but that each mime-type would have to declare how
  versions of the pdl were to be handled.  The protocol group should
  look into this.

o There was some discussion on firewalls.  Do firewalls trigger off
  port 80? If they do, there may be some benefit to having a unique
  port number for IPP. We agreed that this would also be desired if
  we ended up using some subset of http.

o Dave suggested that some candidates for IPP security not be
  considered:
  - SHTTP - not widely deployed and not favored by the ietf
  - SASL - too new to consider, won't meet our time frame

o For channel security, the following were recommended:
  - RFC 2069, digest authentication for use with http 1.1
  - Transport Layer Security (TLS)

o For object level security the following were recommended:
  - Secure mime (has some problems because of RSA prprietary stuff)
  - PGP-Mime - still a bit new and not yet deployed

o It was agreed that we needed guidance from Netscape and Microsoft on
  which of these protocols we ought to be using for IPP.  Carl-Uno will
  ask Netscape and Microsoft for recommendations.

o Xerox will write up a more formal note on the results of their meeting
  and will make this available to the working group. In the meantime we
  should all review the security mechanisms recommended. For information

  SASL specification is draft-myers-auth-sasl-10.txt
  TSL specification is draft-ietf-tls-protocol-02.txt

o Next call will be Thursday, May 1st
                    1 - 3pm PDT