This document is a good survey of security issues, but I wish there
were some recommendations for what IPP should do.
There are no line numbers in the latest security document ipp-sec-2.0.txt.
line ?: "security domain" is mentioned but not defined. Please add
a definition of it.
section 2.1: if security domain is at the level of a DNS domain, then
it may not be possible to print a document by reference. That is,
it may be inaccessible for security reasons because client and
server are on differet hosts.
section 2.2: Why can printing only be done by reference? What is
the meaning of the security barrier in this example. Is the
document in a secure area or are the client and host in a secure
area? In either case, I assume that either client or server can
fetch the document. Now that I think about it, what is the
difference between section 2.1 and 2.2. If the document is accessible
does it really matter whether it is in a different security domain?
section 2.3: This is a case where I would expect the printing by reference
would be disallowed or there would be lots of caveats. But the
text in this section makes it seem like printing by reference
is a no-brainer.
section 2.5: This case also raises some difficult issues in the print
by reference because the printer somehow as to be able to pull
the data from another security domain -- exactly what section 2.4
was disallowing. This seems like a contradiction to me.
section 5.0: the abbreviations in the table header row should be expanded.
I'm not sure what they all are.
I'm not sure if the table is helpful. I have this uneasy feeling
that "yes" and "no" along with "C" and "S" give only a small part of the
section 6.0: Similar comments to section 5.0.
section 7.0: the columns headings are misaligned or missing.