<p dir="ltr" style="margin-top:0; margin-bottom:0;">This weekend, I tested a "Canon iR-ADV C568/478" which requires a user and password.</p>
<p dir="ltr" style="margin-top:0; margin-bottom:0;">This device allows printing and scanning to be blocked if authentication is not done.</p>
<p dir="ltr" style="margin-top:0; margin-bottom:0;">Nothing is planned in the sane-escl pilot.</p>
<br> <br>
On 9 April 2022 18:36:26 GMT+02:00, Ralph Little <[email protected]> wrote:
<pre dir="auto" class="k9mail">Hi,<br><br>On 2022-04-08 06:19, Julian H. Stacey wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"> Or, more likely: is that the same password the individual uses to<br> log into their system? Or to access their e-mail? Or (hopefully not)<br> their bank account?<br><br> That is why it is actually better to use no authentication, than to<br> allow weak authentication.<br></blockquote>It would be unfitting & intolerant to deny weak authentication when<br>we are ignorant of local environments.<br><br>We don't know people's local subnets, firewalls, VPNs, local user<br>community of colleagues & co-residents & family, & their skill<br>levels (both admins to configure, & users who might [or not] have<br>skills to sniff packets, & what devices with sniffer apps might or<br>not be able to connect to subnets).<br><br>In ignorance of user environments, we should not force others to strong<br>or none by removing weak. Just offer suggestions & examples at install.<br><br>Cheers,<br></blockquote><br>My personal opinion is that we should provide the best protection for our users that is reasonable whilst not significantly increasing the costs of setup for users.<br>We do fairly regularly get users asking questions about how to set up the saned/net backend scenario and it is not as straightforward as it might perhaps be.<br><br>I do think that this is a useful discussion however.<br><br>In the current computing world, we are moving to a no-trust default, whether or not individual users believe that their network has much of a threat profile.<br>Modern attacks are increasingly clever viral payloads that attempt to spread themselves throughout internal network nodes.<br>I don't personally believe it likely that there are threats out there actively looking at the SANE net protocol though. Perhaps I am wrong about that. I don't know.<br><br>If we can provide an alternative to what is currently supported that provides secure authentication then I believe that would be a worthwhile thing.<br>We should consider backwards compatibility though with a view to eventually removing the current regime once a new, better method had been established.<br>If someone were keen to take that on.<br><br>We should also be considerate of any other implementations of the net protocol to see if there would be problems there. I'm thinking of some of the other language implementations.<br>I do know that there is at least a Dart implementation: we had some discussion on GitLab about it some time ago. There may be others.<br><br>Cheers,<br>Ralph<br><br></pre>
-- Sent from my Android device with Courriel Ordissimo Mail. Please excuse my brevity.
