With all due respect, I must ask you to qualify some of your statements.
Sorry, but you appear to be literally sweeping *everything* under the rug
with some of these statements:
> 1. LPD has no authentication. That solves it in one direction.
>> 2. Since you don't have authentication, you need an 'anonymous' user to
> map LPD stuff into. That solves the other.
Actually, LPD has a *bit* of authentication, at least in several
implementations, whereby the client port must be within the range
of privileged ports.
However, the real issue is: just because LPD has serious holes in its
security model, should this be necessarily propagated to IPP?
My apologies in advance if I am being dense here and not understanding
what you mean, exactly. Can you provide us with a bit more insight here?