
RFC 8010

Internet Printing Protocol/1.1: Encoding and Transport

Part 2 of 3, p. 18 to 35

prevText      Top      ToC       Page 18 
3.4.  Required Parameters

   Some operation elements are called parameters in the Model.  They
   MUST be encoded in a special position and they MUST NOT appear as
   operation attributes.  These parameters are described in the
   subsections below.

3.4.1.  "version-number"

   The "version-number" field consists of a major and minor version-
   number, each of which is represented by a SIGNED-BYTE.  The major
   version-number is the first byte of the encoding and the minor
   version-number is the second byte of the encoding.  The protocol
   described in [RFC8011] has a major version-number of 1 (0x01) and a
   minor version-number of 1 (0x01).  The ABNF for these two bytes is
   %x01.01.

   Note: See Section 9 for more information on the "version-number"
   field and IPP version numbers.

3.4.2.  "operation-id"

   The "operation-id" field contains an operation-id value as defined in
   the Model.  The value is encoded as a SIGNED-SHORT and is located in
   the third and fourth bytes of the encoding of an operation request.

3.4.3.  "status-code"

   The "status-code" field contains a status-code value as defined in
   the Model.  The value is encoded as a SIGNED-SHORT and is located in
   the third and fourth bytes of the encoding of an operation response.

   If an IPP status-code is returned, then the HTTP status-code MUST be
   200 (OK).  With any other HTTP status-code value, the HTTP response
   MUST NOT contain an IPP message body, and thus no IPP status-code is
   returned.

3.4.4.  "request-id"

   The "request-id" field contains the request-id value as defined in
   the Model.  The value is encoded as a SIGNED-INTEGER and is located
   in the fifth through eighth bytes of the encoding.

3.5.  Tags

   There are two kinds of tags:

   o  delimiter tags: delimit major sections of the protocol, namely
      attribute groups and data

   o  value tags: specify the type of each attribute value

   Tags are part of the IANA IPP registry [IANA-IPP].

3.5.1.  "delimiter-tag" Values

   Table 2 specifies the values for the delimiter tags defined in this
   document.  These tags are registered, along with tags defined in
   other documents, in the "Attribute Group Tags" registry.

            +-----------------+------------------------------+
            | Tag Value (Hex) | Meaning                      |
            +-----------------+------------------------------+
            | 0x00            | Reserved                     |
            | 0x01            | "operation-attributes-tag"   |
            | 0x02            | "job-attributes-tag"         |
            | 0x03            | "end-of-attributes-tag"      |
            | 0x04            | "printer-attributes-tag"     |
            | 0x05            | "unsupported-attributes-tag" |
            +-----------------+------------------------------+

                      Table 2: "delimiter-tag" Values

   When a "begin-attribute-group-tag" field occurs in the protocol, it
   means that zero or more following attributes up to the next group tag
   are attributes belonging to the attribute group specified by the
   value of the "begin-attribute-group-tag".  For example, if the value
   of "begin-attribute-group-tag" is 0x01, the following attributes are
   members of the Operations Attributes group.

   The "end-of-attributes-tag" (value 0x03) MUST occur exactly once in
   an operation and MUST be the last "delimiter-tag".  If the operation
   has a document-data group, the Document data in that group follows
   the "end-of-attributes-tag".

   The order and presence of "attribute-group" fields (whose beginning
   is marked by the "begin-attribute-group-tag" subfield) for each
   operation request and each operation response MUST be that defined in
   the Model.

   A Printer MUST treat a "delimiter-tag" (values from 0x00 through
   0x0f) differently from a "value-tag" (values from 0x10 through 0xff)
   so that the Printer knows there is an entire attribute group as
   opposed to a single value.

3.5.2.  "value-tag" Values

   The remaining tables show values for the "value-tag" field, which is
   the first octet of an attribute.  The "value-tag" field specifies the
   type of the value of the attribute.

   Table 3 specifies the "out-of-band" values for the "value-tag" field
   defined in this document.  These tags are registered, along with tags
   defined in other documents, in the "Out-of-Band Attribute Value Tags"
   registry.

                     +-----------------+-------------+
                     | Tag Value (Hex) | Meaning     |
                     +-----------------+-------------+
                     | 0x10            | unsupported |
                     | 0x12            | unknown     |
                     | 0x13            | no-value    |
                     +-----------------+-------------+

                        Table 3: Out-of-Band Values

   Table 4 specifies the integer values defined in this document for the
   "value-tag" field; they are registered in the "Attribute Syntaxes"
   registry.

   +----------------+--------------------------------------------------+
   | Tag Value      | Meaning                                          |
   | (Hex)          |                                                  |
   +----------------+--------------------------------------------------+
   | 0x20           | Unassigned integer data type (see IANA IPP       |
   |                | registry)                                        |
   | 0x21           | integer                                          |
   | 0x22           | boolean                                          |
   | 0x23           | enum                                             |
   | 0x24-0x2f      | Unassigned integer data types (see IANA IPP      |
   |                | registry)                                        |
   +----------------+--------------------------------------------------+

                           Table 4: Integer Tags

   Table 5 specifies the octetString values defined in this document for
   the "value-tag" field; they are registered in the "Attribute
   Syntaxes" registry.

   +---------------+---------------------------------------------------+
   | Tag Value     | Meaning                                           |
   | (Hex)         |                                                   |
   +---------------+---------------------------------------------------+
   | 0x30          | octetString with an unspecified format            |
   | 0x31          | dateTime                                          |
   | 0x32          | resolution                                        |
   | 0x33          | rangeOfInteger                                    |
   | 0x34          | begCollection                                     |
   | 0x35          | textWithLanguage                                  |
   | 0x36          | nameWithLanguage                                  |
   | 0x37          | endCollection                                     |
   | 0x38-0x3f     | Unassigned octetString data types (see IANA IPP   |
   |               | registry)                                         |
   +---------------+---------------------------------------------------+

                         Table 5: octetString Tags

   Table 6 specifies the character-string values defined in this
   document for the "value-tag" field; they are registered in the
   "Attribute Syntaxes" registry.

   +---------------+---------------------------------------------------+
   | Tag Value     | Meaning                                           |
   | (Hex)         |                                                   |
   +---------------+---------------------------------------------------+
   | 0x40          | Unassigned character-string data type (see IANA   |
   |               | IPP registry)                                     |
   | 0x41          | textWithoutLanguage                               |
   | 0x42          | nameWithoutLanguage                               |
   | 0x43          | Unassigned character-string data type (see IANA   |
   |               | IPP registry)                                     |
   | 0x44          | keyword                                           |
   | 0x45          | uri                                               |
   | 0x46          | uriScheme                                         |
   | 0x47          | charset                                           |
   | 0x48          | naturalLanguage                                   |
   | 0x49          | mimeMediaType                                     |
   | 0x4a          | memberAttrName                                    |
   | 0x4b-0x5f     | Unassigned character-string data types (see IANA  |
   |               | IPP registry)                                     |
   +---------------+---------------------------------------------------+

                           Table 6: String Tags

   Note: An attribute value always has a type, which is explicitly
   specified by its tag; one such tag value is "nameWithoutLanguage".
   An attribute's name has an implicit type, which is keyword.

   The values 0x60-0xff are reserved for future type definitions in
   Standards Track documents.

   The tag 0x7f is reserved for extending types beyond the 255 values
   available with a single byte.  A tag value of 0x7f MUST signify that
   the first four bytes of the value field are interpreted as the tag
   value.  Note this future extension doesn't affect parsers that are
   unaware of this special tag.  The tag is like any other unknown tag,
   and the value length specifies the length of a value, which contains
   a value that the parser treats atomically.  Values from 0x00000000 to
   0x3fffffff are reserved for definition in future Standards Track
   documents.  The values 0x40000000 to 0x7fffffff are reserved for
   vendor extensions.

3.6.  "name-length"

   The "name-length" field consists of a SIGNED-SHORT and specifies the
   number of octets in the immediately following "name" field.  The
   value of this field excludes the two bytes of the "name-length"
   field.  For example, if the "name" field contains 'sides', the value
   of this field is 5.

   If a "name-length" field has a value of zero, the following "name"
   field is empty and the following value is treated as an additional
   value for the attribute encoded in the nearest preceding "attribute-
   with-one-value" field.  Within an attribute group, if two or more
   attributes have the same name, the attribute group is malformed (see
   [RFC8011]).  The zero-length name is the only mechanism for multi-
   valued attributes.

3.7.  (Attribute) "name"

   The "name" field contains the name of an attribute.  The Model
   specifies such names.

3.8.  "value-length"

   The "value-length" field consists of a SIGNED-SHORT, which specifies
   the number of octets in the immediately following "value" field.  The
   value of this field excludes the two bytes of the "value-length"
   field.  For example, if the "value" field contains the keyword
   (string) value 'one-sided', the value of this field is 9.

   For any of the types represented by binary signed integers, the
   sender MUST encode the value in exactly four octets.

   For any of the types represented by binary signed bytes, e.g., the
   boolean type, the sender MUST encode the value in exactly one octet.

   For any of the types represented by character strings, the sender
   MUST encode the value with all the characters of the string and
   without any padding characters.

   For "out-of-band" values for the "value-tag" field defined in this
   document, such as 'unsupported', the "value-length" MUST be 0 and the
   "value" empty; the "value" has no meaning when the "value-tag" has
   one of these "out-of-band" values.  For future "out-of-band" "value-
   tag" fields, the same rule holds unless the definition explicitly
   states that the "value-length" MAY be non-zero and the "value" non-
   empty.

3.9.  (Attribute) "value"

   The syntax types (specified by the "value-tag" field) and most of the
   details of the representation of attribute values are defined in the
   Model.  Table 7 augments the information in the Model and defines the
   syntax types from the Model in terms of the five basic types defined
   in Section 3.  The five types are US-ASCII-STRING, LOCALIZED-STRING,
   SIGNED-INTEGER, SIGNED-SHORT, SIGNED-BYTE, and OCTET-STRING.

   +----------------------+--------------------------------------------+
   | Syntax of Attribute  | Encoding                                   |
   | Value                |                                            |
   +----------------------+--------------------------------------------+
   | textWithoutLanguage, | LOCALIZED-STRING                           |
   | nameWithoutLanguage  |                                            |
   +----------------------+--------------------------------------------+
   | textWithLanguage     | OCTET-STRING consisting of four fields: a  |
   |                      | SIGNED-SHORT, which is the number of       |
   |                      | octets in the following field; a value of  |
   |                      | type natural-language; a SIGNED-SHORT,     |
   |                      | which is the number of octets in the       |
   |                      | following field; and a value of type       |
   |                      | textWithoutLanguage.  The length of a      |
   |                      | textWithLanguage value MUST be 4 + the     |
   |                      | value of field a + the value of field c.   |
   +----------------------+--------------------------------------------+
   | nameWithLanguage     | OCTET-STRING consisting of four fields: a  |
   |                      | SIGNED-SHORT, which is the number of       |
   |                      | octets in the following field; a value of  |
   |                      | type natural-language; a SIGNED-SHORT,     |
   |                      | which is the number of octets in the       |
   |                      | following field; and a value of type       |
   |                      | nameWithoutLanguage.  The length of a      |
   |                      | nameWithLanguage value MUST be 4 + the     |
   |                      | value of field a + the value of field c.   |
   +----------------------+--------------------------------------------+
   | charset,             | US-ASCII-STRING                            |
   | naturalLanguage,     |                                            |
   | mimeMediaType,       |                                            |
   | keyword, uri, and    |                                            |
   | uriScheme            |                                            |
   +----------------------+--------------------------------------------+
   | boolean              | SIGNED-BYTE where 0x00 is 'false' and 0x01 |
   |                      | is 'true'                                  |
   +----------------------+--------------------------------------------+
   | integer and enum     | a SIGNED-INTEGER                           |
   +----------------------+--------------------------------------------+
   | dateTime             | OCTET-STRING consisting of eleven octets   |
   |                      | whose contents are defined by              |
   |                      | "DateAndTime" in RFC 2579 [RFC2579]        |
   +----------------------+--------------------------------------------+
   | resolution           | OCTET-STRING consisting of nine octets of  |
   |                      | two SIGNED-INTEGERs followed by a SIGNED-  |
   |                      | BYTE.  The first SIGNED-INTEGER contains   |
   |                      | the value of cross-feed direction          |
   |                      | resolution.  The second SIGNED-INTEGER     |
   |                      | contains the value of feed direction       |
   |                      | resolution.  The SIGNED-BYTE contains the  |
   |                      | units value.                               |
   +----------------------+--------------------------------------------+
   | rangeOfInteger       | Eight octets consisting of two SIGNED-     |
   |                      | INTEGERs.  The first SIGNED-INTEGER        |
   |                      | contains the lower bound and the second    |
   |                      | SIGNED-INTEGER contains the upper bound.   |
   +----------------------+--------------------------------------------+
   | 1setOf X             | Encoding according to the rules for an     |
   |                      | attribute with more than one value.  Each  |
   |                      | value X is encoded according to the rules  |
   |                      | for encoding its type.                     |
   +----------------------+--------------------------------------------+
   | octetString          | OCTET-STRING                               |
   +----------------------+--------------------------------------------+
   | collection           | Encoding as defined in Section 3.1.6.      |
   +----------------------+--------------------------------------------+

                     Table 7: Attribute Value Encoding

   The attribute syntax type of the value determines its encoding and
   the value of its "value-tag".

3.10.  Data

   The "data" field MUST include any data required by the operation.
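
The wire layout described in Sections 3.4 through 3.9 (the 8-byte header, delimiter tags, value tags, SIGNED-SHORT "name-length" and "value-length" fields, name-length 0 for additional values, the "end-of-attributes-tag" and the document data after it) as an added Python encoder and validating decoder. This is example code written for this page, not code from the RFC or from any IPP implementation; the Print-Job operation-id 0x0002 comes from the Model [RFC8011], the attribute names and values in SAMPLE_GROUPS are a constructed sample, and the function names (encode_message, decode_message, IPPError) are this example's own. The decoder rejects the malformed cases the text names: negative or truncated lengths, an out-of-band tag with a non-zero value-length, a duplicate attribute name within one group, a zero-length name with no preceding attribute, and a missing "end-of-attributes-tag"; following Section 9 it accepts any major version-number greater than 0.

```python
import struct

# Delimiter tags (Table 2) and the value tags this example uses (Tables 3, 4 and 6).
OPERATION_ATTRIBUTES_TAG, JOB_ATTRIBUTES_TAG, END_OF_ATTRIBUTES_TAG = 0x01, 0x02, 0x03
OUT_OF_BAND = {0x10, 0x12, 0x13}                 # unsupported, unknown, no-value
TAG_INTEGER, TAG_ENUM = 0x21, 0x23
TAG_KEYWORD, TAG_URI, TAG_CHARSET, TAG_NATURAL_LANGUAGE = 0x44, 0x45, 0x47, 0x48


class IPPError(ValueError):
    """Encoding-rule violation; a Printer would reject the message."""


def encode_value(tag, value):
    # Section 3.8: fixed width for integers, all characters and no padding for strings.
    if tag in OUT_OF_BAND:
        return b""                                   # value-length MUST be 0
    if tag in (TAG_INTEGER, TAG_ENUM):
        return struct.pack(">i", value)              # exactly four octets
    return value.encode("utf-8")                     # character-string syntaxes


def encode_message(version, op_or_status, request_id, groups, data=b""):
    # groups is [(delimiter_tag, [(name, value_tag, [values...]), ...]), ...]
    out = bytearray(struct.pack(">bbhi", version[0], version[1], op_or_status, request_id))
    for delimiter, attrs in groups:
        out.append(delimiter)
        for name, tag, values in attrs:
            for i, value in enumerate(values):
                # Only the first value carries the name; further values use name-length 0 (3.6).
                name_b = name.encode("ascii") if i == 0 else b""
                value_b = encode_value(tag, value)
                out += struct.pack(">Bh", tag, len(name_b)) + name_b
                out += struct.pack(">h", len(value_b)) + value_b
    out.append(END_OF_ATTRIBUTES_TAG)                # exactly once, and the last delimiter-tag
    return bytes(out) + data                         # document data follows the tag


def _short(buf, pos, what):
    # Read a SIGNED-SHORT length field and reject negative or truncated lengths.
    if pos + 2 > len(buf):
        raise IPPError(f"truncated {what}")
    n = struct.unpack(">h", buf[pos:pos + 2])[0]
    if n < 0 or pos + 2 + n > len(buf):
        raise IPPError(f"bad {what} {n}")
    return n, pos + 2


def decode_value(tag, raw):
    if tag in OUT_OF_BAND:
        return None
    if tag in (TAG_INTEGER, TAG_ENUM):
        if len(raw) != 4:
            raise IPPError("integer/enum value must be exactly four octets")
        return struct.unpack(">i", raw)[0]
    if 0x40 <= tag <= 0x5f:                          # character-string tags (Table 6)
        return raw.decode("utf-8")
    return raw                                       # other tags (including 0x7f): kept atomically


def decode_message(buf):
    if len(buf) < 9:
        raise IPPError("shorter than the 8-byte header plus end-of-attributes-tag")
    major, minor, op_or_status, request_id = struct.unpack(">bbhi", buf[:8])
    if major < 1:                                    # Section 9: accept any major version > 0
        raise IPPError(f"unsupported major version-number {major}")
    pos, groups, current, last_attr = 8, [], None, None
    while pos < len(buf):
        tag, pos = buf[pos], pos + 1
        if tag <= 0x0f:                              # delimiter-tag (Section 3.5.1)
            if tag == END_OF_ATTRIBUTES_TAG:
                return {"version": (major, minor), "op_or_status": op_or_status,
                        "request_id": request_id, "groups": groups, "data": buf[pos:]}
            current, last_attr = (tag, []), None
            groups.append(current)
            continue
        if current is None:
            raise IPPError("attribute before any begin-attribute-group-tag")
        name_len, pos = _short(buf, pos, "name-length")
        name, pos = buf[pos:pos + name_len].decode("ascii"), pos + name_len
        value_len, pos = _short(buf, pos, "value-length")
        raw, pos = buf[pos:pos + value_len], pos + value_len
        if tag in OUT_OF_BAND and value_len != 0:
            raise IPPError("out-of-band value-tag with non-zero value-length")
        value = decode_value(tag, raw)
        if name_len == 0:                            # additional value of the previous attribute
            if last_attr is None:
                raise IPPError("zero-length name with no preceding attribute")
            last_attr[2].append(value)
        else:
            if any(a[0] == name for a in current[1]):
                raise IPPError(f"duplicate attribute {name!r} in one group: malformed")
            last_attr = (name, tag, [value])
            current[1].append(last_attr)
    raise IPPError("missing end-of-attributes-tag")


# Constructed Print-Job request (operation-id 0x0002 in the Model [RFC8011]).
SAMPLE_GROUPS = [
    (OPERATION_ATTRIBUTES_TAG, [
        ("attributes-charset", TAG_CHARSET, ["utf-8"]),
        ("printer-uri", TAG_URI, ["ipp://printer.example.com/ipp/print/myqueue"])]),
    (JOB_ATTRIBUTES_TAG, [
        ("copies", TAG_INTEGER, [2]),
        ("finishings", TAG_ENUM, [3, 4])]),          # multi-valued attribute
]
SAMPLE_REQUEST = encode_message((1, 1), 0x0002, 1, SAMPLE_GROUPS, data=b"%!PS-Adobe-3.0\n")
```

Every length is checked against the remaining buffer in `_short` before any slice is taken, which is the check a Printer parsing untrusted input needs: a "name-length" or "value-length" that overruns the message is rejected as malformed instead of being read past the end.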

4.  Encoding of Transport Layer

   HTTP/1.1 [RFC7230] is the REQUIRED transport layer for this protocol.
   HTTP/2 [RFC7540] is an OPTIONAL transport layer for this protocol.

   The operation layer has been designed with the assumption that the
   transport layer contains the following information:

   o  the target URI for the operation; and

   o  the total length of the data in the operation layer, either as a
      single length or as a sequence of chunks each with a length.

   Printer implementations MUST support HTTP over the IANA-assigned
   well-known port 631 (the IPP default port), although a Printer
   implementation can support HTTP over some other port as well.

   Each HTTP operation MUST use the POST method where the request-target
   is the object target of the operation and where the "Content-Type" of
   the message body in each request and response MUST be "application/
   ipp".  The message body MUST contain the operation layer and MUST
   have the syntax described in Section 3.2, "Syntax of Encoding".  A
   Client implementation MUST adhere to the rules for a Client described
   for HTTP [RFC7230].  A Printer (server) implementation MUST adhere to
   the rules for an origin server described for HTTP [RFC7230].

   An IPP server sends a response for each request that it receives.  If
   an IPP server detects an error, it MAY send a response before it has
   read the entire request.  If the HTTP layer of the IPP server
   completes processing the HTTP headers successfully, it MAY send an
   intermediate response, such as "100 Continue", with no IPP data
   before sending the IPP response.  A Client MUST expect such a variety
   of responses from an IPP server.  For further information on HTTP,
   consult the HTTP documents [RFC7230].

   An HTTP/1.1 server MUST support chunking for IPP requests, and an IPP
   Client MUST support chunking for IPP responses according to HTTP/1.1
   [RFC7230].

4.1.  Printer URI, Job URI, and Job ID

   All Printer and Job objects are identified by a Uniform Resource
   Identifier (URI) [RFC3986] so that they can be persistently and
   unambiguously referenced.  Jobs can also be identified by a
   combination of Printer URI and Job ID.

   Some operation elements are encoded twice, once as the request-target
   on the HTTP request-line and a second time as a REQUIRED operation
   attribute in the application/ipp entity.  These attributes are the
   target for the operation and are called "printer-uri" and "job-uri".

   Note: The target URI is included twice in an operation referencing
   the same IPP object, but the two URIs can be different.  For example,
   the HTTP request-target can be relative while the IPP request URI is
   absolute.

   HTTP allows Clients to generate and send a relative URI rather than
   an absolute URI.  A relative URI identifies a resource with the scope
   of the HTTP server but does not include scheme, host, or port.  The
   following statements characterize how URIs are used in the mapping of
   IPP onto HTTP:

   1.  Although potentially redundant, a Client MUST supply the target
       of the operation both as an operation attribute and as a URI at
       the HTTP layer.  The rationale for this decision is to maintain a
       consistent set of rules for mapping "application/ipp" to possibly
       many communication layers, even where URIs are not used as the
       addressing mechanism in the transport layer.

   2.  Even though these two URIs might not be literally identical (one
       being relative and the other being absolute), they MUST both
       reference the same IPP object.

   3.  The URI in the HTTP layer is either relative or absolute and is
       used by the HTTP server to route the HTTP request to the correct
       resource relative to that HTTP server.

   4.  Once the HTTP server resource begins to process the HTTP request,
       it can get the reference to the appropriate IPP Printer object
       from either the HTTP URI (using the context of the HTTP server
       for relative URIs) or from the URI within the operation request;
       the choice is up to the implementation.

   5.  HTTP URIs can be relative or absolute, but the target URI in the
       IPP operation attribute MUST be an absolute URI.

5.  IPP URI Schemes

   The IPP URI schemes are 'ipp' [RFC3510] and 'ipps' [RFC7472].
   Clients and Printers MUST support the ipp-URI value in the following
   IPP attributes:

   o  Job attributes:

      *  job-uri

      *  job-printer-uri

   o  Printer attributes:

      *  printer-uri-supported

   o  Operation attributes:

      *  job-uri

      *  printer-uri

   Each of the above attributes identifies a Printer or Job.  The
   ipp-URI and ipps-URI are intended as the value of the attributes in
   this list.  All of these attributes have a syntax type of 'uri', but
   there are attributes with a syntax type of 'uri' that do not use the
   'ipp' scheme, e.g., "job-more-info".

   If a Printer registers its URI with a directory service, the Printer
   MUST register an ipp-URI or ipps-URI.

   When a Client sends a request, it MUST convert a target ipp-URI to a
   target http-URL (or a target ipps-URI to a target https-URL) for the
   HTTP layer according to the following steps:

   1.  change the 'ipp' scheme to 'http' or 'ipps' scheme to 'https';
       and

   2.  add an explicit port 631 if the ipp-URI or ipps-URI does not
       contain an explicit port.  Note that port 631 is the IANA-
       assigned well-known port for the 'ipp' and 'ipps' schemes.

   The Client MUST use the target http-URL or https-URL in both the HTTP
   request-line and HTTP headers, as specified by HTTP [RFC7230].
   However, the Client MUST use the target ipp-URI or ipps-URI for the
   value of the "printer-uri" or "job-uri" operation attribute within
   the application/ipp body of the request.  The server MUST use the
   ipp-URI or ipps-URI for the value of the "printer-uri", "job-uri", or
   "printer-uri-supported" attributes within the application/ipp body of
   the response.

   For example, when an IPP Client sends a request directly, i.e., no
   proxy, to an ipp-URI "ipp://printer.example.com/ipp/print/myqueue",
   it opens a TCP connection to port 631 (the IPP implicit port) on the
   host "printer.example.com" and sends the following data:

     POST /ipp/print/myqueue HTTP/1.1
     Host: printer.example.com:631
     Content-type: application/ipp
     Transfer-Encoding: chunked
     ...
     "printer-uri" 'ipp://printer.example.com/ipp/print/myqueue'
            (encoded in application/ipp message body)
     ...

                       Figure 11: Direct IPP Request

   As another example, when an IPP Client sends the same request as
   above via a proxy "myproxy.example.com", it opens a TCP connection to
   the proxy port 8080 on the proxy host "myproxy.example.com" and sends
   the following data:

     POST http://printer.example.com:631/ipp/print/myqueue HTTP/1.1
     Host: printer.example.com:631
     Content-type: application/ipp
     Transfer-Encoding: chunked
     ...
     "printer-uri" 'ipp://printer.example.com/ipp/print/myqueue'
            (encoded in application/ipp message body)
     ...

                      Figure 12: Proxied IPP Request

   The proxy then connects to the IPP origin server with headers that
   are the same as the "no-proxy" example above.
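
The URI mapping of Sections 4.1 and 5, as an added Python example written for this page (not code from the RFC or any IPP implementation): ipp_to_http_url applies the two conversion steps (scheme swap, explicit port 631), request_head produces the request-line and Host header of Figures 11 and 12 for the direct and proxied cases, and same_ipp_object is a Printer-side check that the HTTP request-target and the "printer-uri" operation attribute reference the same object (rule 2) and that the attribute is an absolute ipp/ipps URI (rule 5). The function names are this example's own; the host names are the ones used in the figures above.

```python
from urllib.parse import urlsplit, urlunsplit

IPP_PORT = 631                                   # IANA well-known port for 'ipp' and 'ipps'
SCHEME_MAP = {"ipp": "http", "ipps": "https"}


def _authority(parts, default_port):
    # Host (bracketed if IPv6) plus an explicit port, defaulting to 631 (Section 5, step 2).
    host = parts.hostname
    if not host:
        raise ValueError("IPP URI needs a host")
    if ":" in host:
        host = f"[{host}]"
    port = parts.port if parts.port is not None else default_port
    return f"{host}:{port}"


def ipp_to_http_url(ipp_uri):
    """Section 5 steps 1 and 2: ipp -> http, ipps -> https, port made explicit."""
    parts = urlsplit(ipp_uri)
    if parts.scheme not in SCHEME_MAP:
        raise ValueError(f"not an ipp/ipps URI: {ipp_uri}")
    return urlunsplit((SCHEME_MAP[parts.scheme], _authority(parts, IPP_PORT),
                       parts.path or "/", parts.query, ""))


def request_head(ipp_uri, via_proxy=False):
    """Request-line and Host header as in Figure 11 (direct) or Figure 12 (proxied)."""
    http_url = ipp_to_http_url(ipp_uri)
    parts = urlsplit(http_url)
    target = http_url if via_proxy else urlunsplit(("", "", parts.path, parts.query, ""))
    return f"POST {target} HTTP/1.1", f"Host: {parts.netloc}"


def _key(scheme, parts):
    return scheme, _authority(parts, IPP_PORT).lower(), parts.path or "/"


def same_ipp_object(request_target, host_header, printer_uri):
    """Section 4.1 rules 2 and 5: both URIs MUST name the same object, and the
    operation attribute MUST be an absolute ipp/ipps URI."""
    p = urlsplit(printer_uri)
    if p.scheme not in SCHEME_MAP:
        return False
    attr_key = _key(SCHEME_MAP[p.scheme], p)
    t = urlsplit(request_target)
    if t.scheme:                                 # absolute-form target (Figure 12)
        target_key = _key(t.scheme, t)
    else:                                        # origin-form target: authority is the Host header
        h = urlsplit("//" + host_header)
        target_key = (attr_key[0], _authority(h, IPP_PORT).lower(), t.path or "/")
    return target_key == attr_key
```

Rule 4 leaves it to the implementation which of the two URIs it routes on; comparing them as above lets a Printer refuse a request whose HTTP target and "printer-uri" attribute disagree rather than silently acting on one of them.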

6.  IANA Considerations

   The IANA-PRINTER-MIB [RFC3805] has been updated to reference this
   document; the current version is available from
   <http://www.iana.org>.

   See the IANA Considerations in the document "Internet Printing
   Protocol/1.1: Model and Semantics" [RFC8011] for information on IANA
   considerations for IPP extensions.  IANA has updated the existing
   'application/ipp' media type registration (whose contents are defined
   in Section 3 "Encoding of the Operation Layer") with the following
   information.

   Type name: application

   Subtype name: ipp

   Required parameters: N/A

   Optional parameters: N/A

   Encoding considerations: IPP requests/responses MAY contain long
   lines and ALWAYS contain binary data (for example, attribute value
   lengths).

   Security considerations: IPP requests/responses do not introduce any
   security risks not already inherent in the underlying transport
   protocols.  Protocol mixed-version interworking rules in [RFC8011] as
   well as protocol-encoding rules in this document are complete and
   unambiguous.  See also the security considerations in this document
   and [RFC8011].

   Interoperability considerations: IPP requests (generated by Clients)
   and responses (generated by servers) MUST comply with all conformance
   requirements imposed by the normative specifications [RFC8011] and
   this document.  Protocol-encoding rules specified in RFC 8010 are
   comprehensive so that interoperability between conforming
   implementations is guaranteed (although support for specific optional
   features is not ensured).  Both the "charset" and "natural-language"
   of all IPP attribute values that are a LOCALIZED-STRING are explicit
   within IPP requests/responses (without recourse to any external
   information in HTTP, SMTP, or other message transport headers).

   Published specifications: RFCs 8010 and 8011

   Applications that use this media type: Internet Printing Protocol
   (IPP) print clients and print servers that communicate using HTTP/
   HTTPS or other transport protocols.  Messages of type "application/
   ipp" are self-contained and transport independent, including
   "charset" and "natural-language" context for any LOCALIZED-STRING
   value.

   Fragment identifier considerations: N/A

   Additional information:

      Deprecated alias names for this type: N/A
      Magic number(s): N/A
      File extension(s): N/A
      Macintosh file type code(s): N/A

   Person & email address to contact for further information:

      ISTO PWG IPP Workgroup <ipp@pwg.org>

   Intended usage: COMMON

   Restrictions on usage: N/A

   Author: ISTO PWG IPP Workgroup <ipp@pwg.org>

   Change controller: ISTO PWG IPP Workgroup <ipp@pwg.org>

   Provisional registration? (standards tree only): No

7.  Internationalization Considerations

   See the section on "Internationalization Considerations" in the
   document "Internet Printing Protocol/1.1: Model and Semantics"
   [RFC8011] for information on internationalization.  This document
   adds no additional issues.

8.  Security Considerations

   The IPP Model and Semantics document [RFC8011] discusses high-level
   security requirements (Client Authentication, Server Authentication,
   and Operation Privacy).  Client Authentication is the mechanism by
   which the Client proves its identity to the server in a secure
   manner.  Server Authentication is the mechanism by which the server
   proves its identity to the Client in a secure manner.  Operation
   Privacy is defined as a mechanism for protecting operations from
   eavesdropping.

   Message Integrity is addressed in the document "Internet Printing
   Protocol (IPP) over HTTPS Transport Binding and the 'ipps' URI
   Scheme" [RFC7472].

8.1.  Security Conformance Requirements

   This section defines the security requirements for IPP Clients and
   IPP objects.

8.1.1.  Digest Authentication

   IPP Clients and Printers SHOULD support Digest Authentication
   [RFC7616].  Use of the Message Integrity feature (qop="auth-int") is
   OPTIONAL.

   Note: Previous versions of this specification required support for
   the MD5 algorithms; however, [RFC7616] makes SHA2-256 mandatory to
   implement and deprecates MD5, only allowing its use for backwards
   compatibility reasons.  IPP implementations that support Digest
   Authentication MUST support SHA2-256 and SHOULD support MD5 for
   backwards compatibility.

   Note: The reason that IPP Clients and Printers SHOULD (rather than
   MUST) support Digest Authentication is that there is a certain class
   of Output Devices where it does not make sense.  Specifically, a low-
   end device with limited ROM space and low paper throughput may not
   need Client Authentication.  This class of device typically requires
   firmware designers to make trade-offs between protocols and
   functionality to arrive at the lowest-cost solution possible.
   Factored into the designer's decisions is not just the size of the
   code, but also the testing, maintenance, usefulness, and time-to-
   market impact for each feature delivered to the customer.  Forcing
   such low-end devices to provide security in order to claim IPP/1.1
   conformance would not make business sense.  Print devices that have
   high-volume throughput and have available ROM space will typically
   provide support for Client Authentication that safeguards the device
   from unauthorized access because these devices are prone to a high
   loss of consumables and paper if unauthorized access occurs.
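
Printer-side verification of a Digest Authentication response under the algorithm rule of this section (SHA2-256 MUST be supported, MD5 only for backwards compatibility), as an added Python example written for this page rather than code from the RFC or any IPP implementation. It assumes the qop=auth response formula of [RFC7616], H(H(A1):nonce:nc:cnonce:qop:H(A2)) with A1 = username:realm:password and A2 = method:uri, and that a missing "algorithm" field means MD5 as that RFC specifies; the username, realm, password, nonce and cnonce are constructed sample values, and the function names are this example's own. The OPTIONAL auth-int quality of protection is not handled.

```python
import hashlib
import hmac

# [RFC7616]: SHA-256 is mandatory to implement; MD5 survives only for backwards compatibility.
ALGORITHMS = {"SHA-256": hashlib.sha256, "MD5": hashlib.md5}


def _h(algorithm, text):
    return ALGORITHMS[algorithm](text.encode("utf-8")).hexdigest()


def digest_response(algorithm, username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """qop=auth response: H(H(A1):nonce:nc:cnonce:qop:H(A2))."""
    ha1 = _h(algorithm, f"{username}:{realm}:{password}")
    ha2 = _h(algorithm, f"{method}:{uri}")
    return _h(algorithm, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(params, password, method, allow_md5=False):
    """Check a parsed Authorization: Digest header (params is a dict of its fields).

    SHA-256 is always accepted; MD5 only when the deployment opts in, which is the
    SHOULD-for-backwards-compatibility posture of this section.
    """
    algorithm = params.get("algorithm", "MD5")       # absent means MD5 per [RFC7616]
    if algorithm not in ALGORITHMS:
        return False
    if algorithm == "MD5" and not allow_md5:
        return False
    if params.get("qop") != "auth":                  # auth-int is OPTIONAL and not handled here
        return False
    try:
        expected = digest_response(algorithm, params["username"], params["realm"], password,
                                   method, params["uri"], params["nonce"], params["nc"],
                                   params["cnonce"])
    except KeyError:
        return False                                 # a required field is missing
    # Constant-time comparison so the check does not leak how many leading bytes matched.
    return hmac.compare_digest(expected, params["response"].lower())


def sample_client_header(algorithm, password="printer-secret"):
    """Constructed header fields a Client would send for POST /ipp/print/myqueue."""
    fields = {"username": "operator", "realm": "printer.example.com", "uri": "/ipp/print/myqueue",
              "algorithm": algorithm, "nonce": "c0nstructed-n0nce", "nc": "00000001",
              "cnonce": "c0nstructed-cn0nce", "qop": "auth"}
    fields["response"] = digest_response(algorithm, fields["username"], fields["realm"], password,
                                         "POST", fields["uri"], fields["nonce"], fields["nc"],
                                         fields["cnonce"])
    return fields
```

Because the method and request URI are bound into A2, a response computed for one operation target does not verify for another, which is why the check takes the method and compares against the "uri" field the Client actually sent.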

8.1.2.  Transport Layer Security (TLS)

   IPP Clients and Printers SHOULD support Transport Layer Security
   (TLS) [RFC5246] [RFC7525] for Server Authentication and Operation
   Privacy.  IPP Printers MAY also support TLS for Client
   Authentication.  IPP Clients and Printers MAY support Basic
   Authentication [RFC7617] for User Authentication if the channel is
   secure, e.g., IPP over HTTPS [RFC7472].  IPP Clients and Printers
   SHOULD NOT support Basic Authentication over insecure channels.

   The IPP Model and Semantics document [RFC8011] defines two Printer
   attributes ("uri-authentication-supported" and "uri-security-
   supported") that the Client can use to discover the security policy
   of a Printer.  That document also outlines IPP-specific security
   considerations and is the primary reference for security implications
   with regard to the IPP itself.

   Note: Because previous versions of this specification did not require
   TLS support, this version cannot require it for IPP/1.1.  However,
   since printing often involves a great deal of sensitive or private
   information (medical reports, performance reviews, banking
   information, etc.) and network monitoring is pervasive ([RFC7258]),
   implementors are strongly encouraged to include TLS support.

   Note: Because IPP Printers typically use self-signed X.509
   certificates, IPP Clients SHOULD support Trust On First Use (defined
   in [RFC7435]) in addition to traditional X.509 certificate
   validation.

8.2.  Using IPP with TLS

   IPP uses the "Upgrading to TLS Within HTTP/1.1" mechanism [RFC2817]
   for 'ipp' URIs.  The Client requests a secure TLS connection by using
   the HTTP "Upgrade" header, and the server agrees in the HTTP
   response.  The switch to TLS occurs either because the server grants
   the Client's request to upgrade to TLS or because the server itself
   asks to switch to TLS in its response.  In either case, secure
   communication begins with the server's response to switch to TLS.

   IPP uses the "HTTPS: HTTP over TLS" mechanism [RFC2818] for 'ipps'
   URIs.  The Client and server negotiate a secure TLS connection
   immediately and unconditionally.
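   The two connection strategies above, as an added Python illustration
   written for this page (not code from RFC 8010 or any IPP
   implementation): 'ipps' URIs negotiate TLS at once, 'ipp' URIs start
   in cleartext and offer the RFC 2817 upgrade, and the Client treats the
   channel as secure only after a server response that switches to TLS.
   The header tokens and the 101/426 status codes are taken from
   RFC 2817; the sample responses and the host name are constructed.

```python
from urllib.parse import urlparse

# Header values as specified in RFC 2817 (the "TLS/1.0" token is that RFC's, not a TLS version choice).
UPGRADE_HEADERS = "Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n"

# Constructed sample server responses to a Client's upgrade offer (not captured from a real Printer).
GRANTED = b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n"
ASKED = b"HTTP/1.1 426 Upgrade Required\r\nUpgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\nContent-Length: 0\r\n\r\n"
PLAIN = b"HTTP/1.1 200 OK\r\nContent-Type: application/ipp\r\nContent-Length: 0\r\n\r\n"


def connection_plan(uri):
    """Map the IPP URI scheme to the TLS strategy of Section 8.2."""
    scheme = urlparse(uri).scheme.lower()
    if scheme == "ipps":
        return "tls-immediately"         # RFC 2818: TLS before any HTTP bytes, unconditionally
    if scheme == "ipp":
        return "cleartext-then-upgrade"  # RFC 2817: start in the clear and offer to switch
    raise ValueError("not an IPP URI: %r" % (uri,))


def upgrade_request(uri):
    """Cleartext request offering the switch; OPTIONS * carries no IPP body that could leak."""
    return ("OPTIONS * HTTP/1.1\r\nHost: %s\r\n%s\r\n" % (urlparse(uri).netloc, UPGRADE_HEADERS)).encode("ascii")


def parse_response_head(raw):
    """Split an HTTP response head into (status-code, {lower-cased name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split(" ", 2)[1]), headers


def next_step(raw):
    """What the Client does after the server's reply: TLS begins only on a switch response."""
    status, headers = parse_response_head(raw)
    switch_offered = ("tls" in headers.get("upgrade", "").lower()
                      and "upgrade" in headers.get("connection", "").lower())
    if status == 101 and switch_offered:
        return "start-tls-handshake"   # server granted the Client's request to upgrade
    if status == 426 and switch_offered:
        return "resend-with-upgrade"   # server asks for the switch; repeat the request with Upgrade
    return "still-cleartext"           # no switch: treat as an insecure channel (Section 8.1.2)
```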

9.  Interoperability with Other IPP Versions

   It is beyond the scope of this specification to mandate conformance
   with versions of IPP other than 1.1.  IPP was deliberately designed,
   however, to make supporting other versions easy.  IPP objects
   (Printers, Jobs, etc.) SHOULD:

   o  understand any valid request whose major "version-number" is
      greater than 0; and

   o  respond appropriately with a response containing the same
      "version-number" parameter value used by the Client in the request
      (if the Client-supplied "version-number" is supported) or the
      highest "version-number" supported by the Printer (if the Client-
      supplied "version-number" is not supported).

   IPP Clients SHOULD:

   o  understand any valid response whose major "version-number" is
      greater than 0.

9.1.  The "version-number" Parameter

   The following are rules regarding the "version-number" parameter (see
   Section 3.3):

   1.  Clients MUST send requests containing a "version-number"
       parameter with the highest supported value, e.g., '1.1', '2.0',
       etc., and SHOULD try supplying alternate version numbers if they
       receive a 'server-error-version-not-supported' error return in a
       response.  For example, if a Client sends an IPP/2.0 request that
       is rejected with the 'server-error-version-not-supported' error
       and an IPP/1.1 "version-number", it SHOULD retry by sending an
       IPP/1.1 request.

   2.  IPP objects (Printers, Jobs, etc.) MUST accept requests
       containing a "version-number" parameter with a '1.1' value (or
       reject the request for reasons other than 'server-error-version-
       not-supported').

   3.  IPP objects SHOULD either accept requests whose major version is
       greater than 0 or reject such requests with the 'server-error-
       version-not-supported' status-code.  See Section 4.1.8 of
       [RFC8011].

   4.  In any case, security MUST NOT be compromised when a Client
       supplies a lower "version-number" parameter in a request.  For
       example, if an IPP/2.0 conforming Printer accepts version '1.1'
       requests and is configured to enforce Digest Authentication, it
       MUST do the same for a version '1.1' request.
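   The version rules of Sections 9 and 9.1 worked through in Python, as
   an added example written for this page (not code from RFC 8010 or
   any IPP implementation): a hypothetical Printer echoes a supported
   "version-number" or rejects with its highest supported version, a
   hypothetical Client retries with the version the Printer answered
   with, and the authentication policy is enforced regardless of the
   version requested (rule 4).  The 8-byte header layout follows
   Section 3.4; the status-code and operation-id values are those
   assigned in RFC 8011.

```python
import struct

# Status codes and the Get-Printer-Attributes operation-id as assigned in RFC 8011.
SUCCESSFUL_OK = 0x0000
CLIENT_ERROR_NOT_AUTHENTICATED = 0x0402
SERVER_ERROR_VERSION_NOT_SUPPORTED = 0x0503
GET_PRINTER_ATTRIBUTES = 0x000B


def encode_header(version, op_or_status, request_id):
    """8-byte IPP header: major/minor SIGNED-BYTEs, SIGNED-SHORT operation-id or
    status-code, then the SIGNED-INTEGER request-id (Section 3.4)."""
    return struct.pack(">bbhi", version[0], version[1], op_or_status, request_id)


def decode_header(data):
    """Inverse of encode_header: returns ((major, minor), op_or_status, request_id)."""
    major, minor, op_or_status, request_id = struct.unpack(">bbhi", data[:8])
    return (major, minor), op_or_status, request_id


class Printer:
    """Hypothetical Printer object; only the header and the Section 9 rules are modelled."""
    def __init__(self, supported_versions, require_auth):
        self.supported = sorted(supported_versions)  # e.g. [(1, 1), (2, 0)]
        self.require_auth = require_auth

    def handle(self, request, authenticated):
        version, _op, request_id = decode_header(request)
        if version[0] < 1 or version not in self.supported:
            # Rule 3: reject, answering with the highest version we support (Section 9).
            return encode_header(self.supported[-1], SERVER_ERROR_VERSION_NOT_SUPPORTED, request_id)
        # Rule 4: the authentication policy is enforced whatever version the Client asked for.
        if self.require_auth and not authenticated:
            return encode_header(version, CLIENT_ERROR_NOT_AUTHENTICATED, request_id)
        return encode_header(version, SUCCESSFUL_OK, request_id)  # echo the Client's version


def client_request(printer, client_versions, op, request_id, authenticated):
    """Rule 1: offer the highest version first, then retry with the version the Printer
    answered with, as long as the Client supports it; returns (version, status-code)."""
    tried, version = set(), max(client_versions)
    while version not in tried:
        tried.add(version)
        reply = printer.handle(encode_header(version, op, request_id), authenticated)
        reply_version, status, _ = decode_header(reply)
        if status != SERVER_ERROR_VERSION_NOT_SUPPORTED or reply_version not in client_versions:
            break
        version = reply_version  # alternate version suggested by the Printer's response
    return reply_version, status
```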

9.2.  Security and URI Schemes

   The following are rules regarding security, the "version-number"
   parameter, and the URI scheme supplied in target attributes and
   responses:

   1.  When a Client supplies a request, the "printer-uri" or "job-uri"
       target operation attribute MUST have the same scheme as that
       indicated in one of the values of the "printer-uri-supported"
       Printer attribute.

   2.  When the Printer returns the "job-printer-uri" or "job-uri" Job
       Description attributes, it SHOULD return the same scheme ('ipp',
       'ipps', etc.) that the Client supplied in the "printer-uri" or
       "job-uri" target operation attributes in the Get-Job-Attributes
       or Get-Jobs request, rather than the scheme used when the Job was
       created.  However, when a Client requests Job attributes using
       the Get-Job-Attributes or Get-Jobs operations, the Jobs and Job
       attributes that the Printer returns depend on: (1) the security
       in effect when the Job was created, (2) the security in effect in
       the query request, and (3) the security policy in force.

   3.  The Printer MUST enforce its security and privacy policies based
       on the owner of the IPP object and the URI scheme and/or
       credentials supplied by the Client in the current request.

10.  Changes since RFC 2910

   The following changes have been made since the publication of
   RFC 2910:

   o  Added references to current IPP extension specifications.

   o  Added optional support for HTTP/2.

   o  Added collection attribute syntax from RFC 3382.

   o  Fixed typographical errors.

   o  Now reference TLS/1.2 and no longer mandate the TLS/1.0 MTI
      ciphersuites.

   o  Updated all references.

   o  Updated document organization to follow current style.

   o  Updated example ipp: URIs to follow guidelines in RFC 7472.

   o  Updated version compatibility for all versions of IPP.

   o  Updated HTTP Digest Authentication to optional for Clients.

   o  Removed references to (Experimental) IPP/1.0 and usage of
      http:/https: URLs.
