Netware OES and Windows XP SP2, iPrint with SSL and high security.

I was under the impression that the iPrint client securely passed the
userid and password to the target server.
It got me thinking about certificates and how the user does not get a
change to verify the cert before authentication, so I ran a packet scan
with PKTSCAN.NLM to look at the traffic.
I have come up with some interesting observations -

I cannot see any evidence of IPPS/HTTPS/SSL (certs) on the initial
connection from the iPrint client to the server. I quote the server
response from within one of the first packets to the client-

'The server is willing to upgrade the current.
connection to SSL but your client doesn't support it'

Incidently, operationally the authentication works and the printer
installs on the client.
If I compare that trace to say an https trace logging into iManager I
get SSL and HTTPS and certs mentioned all the time with iManager. No
evidence of this with iPrint.

I have a limited knowledge of reading packets with Ethereal, but what I
have seen makes me wonder how, if at all, the userid and password are
encrypted from iPrint client to server?

The only evidence of SSL comes later in the trace when the target server
contacts the LDAP server via LDAPs for authentication purposes.


Charles Short

Cambridge University Computing Service