IPP> Re: SEC - IPP Security Requirements

IPP> Re: SEC - IPP Security Requirements

IPP> Re: SEC - IPP Security Requirements

Carl-Uno Manros carl at manros.com
Fri Sep 5 10:25:51 EDT 1997


At 08:26 PM 9/4/97 +0200, Harald.T.Alvestrand at uninett.no wrote:
>Keith is doing fine.....
>
>two things:
>
>1) IPP has to ANALYZE risks of using IPP on the open Internet (NOT behind
>   firewalls or in "spammable" environments)


Done that already!


>
>   IPP must then DEFINE how a reasonable number of these risks can be defended
>   against using security mechanisms, and REQUIRE that valid IPP 
>implementations
>   implement at least a minimum set of these
>


This is where we need to firm up on our design.


>   The USER of an IPP device can then decide to use or not to use those
>   security mechanisms.
>


Yep. Question is only how - by negotiation outside the security protocols?


>2) I'd like you to tell me which security lists are discussing SASL; it
>   seems that the list set up to discuss SASL is either totally dead or
>   I've fallen off it. We need to know!
>


Check the TLS list for the last couple of weeks.


>Thanks for your help!
>
>                     Harald A
>


Regards,


Carl-Uno



More information about the Ipp mailing list