At 08:26 PM 9/4/97 +0200, Harald.T.Alvestrand at uninett.no wrote:
>Keith is doing fine.....
>>1) IPP has to ANALYZE risks of using IPP on the open Internet (NOT behind
> firewalls or in "spammable" environments)
Done that already!
>> IPP must then DEFINE how a reasonable number of these risks can be defended
> against using security mechanisms, and REQUIRE that valid IPP
> implement at least a minimum set of these
This is where we need to firm up on our design.
> The USER of an IPP device can then decide to use or not to use those
> security mechanisms.
Yep. Question is only how - by negotiation outside the security protocols?
>2) I'd like you to tell me which security lists are discussing SASL; it
> seems that the list set up to discuss SASL is either totally dead or
> I've fallen off it. We need to know!
Check the TLS list for the last couple of weeks.
>Thanks for your help!
>> Harald A