IPP>DIR - comments on security document

Robert Herriot
Thu Mar 20 21:46:49 EST 1997

This document is a good survey of security issues, but I wish there
were some recommendations for what IPP should do.

Other comments:

There are no line numbers in the latest security document ipp-sec-2.0.txt.

line ?: "security domain" is mentioned but not defined. Please add 
     a definition of it.

section 2.1:  if security domain is at the level of a DNS domain, then
     it may not be possible to print a document by reference. That is,
     it may be inaccessible for security reasons because client and
     server are on different hosts.

section 2.2: Why can printing only be done by reference?  What is
     the meaning of the security barrier in this example?  Is the
     document in a secure area or are the client and host in a secure
     area?  In either case, I assume that either client or server can 
     fetch the document.  Now that I think about it, what is the
     difference between section 2.1 and 2.2? If the document is accessible,
     does it really matter whether it is in a different security domain?

section 2.3: This is a case where I would expect the printing by reference
     would be disallowed or there would be lots of caveats.  But the
     text in this section makes it seem like printing by reference
     is a no-brainer.

section 2.5: This case also raises some difficult issues in the print
     by reference because the printer somehow has to be able to pull
     the data from another security domain -- exactly what section 2.4
     was disallowing.  This seems like a contradiction to me.

section 5.0: the abbreviations in the table header row should be expanded.
     I'm not sure what they all are.

     I'm not sure if the table is helpful. I have this uneasy feeling
     that "yes" and "no" along with "C" and "S" give only a small part of the

section 6.0: Similar comments to section 5.0.

section 7.0: the column headings are misaligned or missing.

