As an action item from the Boulder meeting, I am preparing a
proposal document that addresses the order of operations for
negotiating security. This document also discusses, in part,
the use of URLs to designate security. A number of outside
parties involved with security (TLS working group and others)
will be reviewing this short document prior to distribution to
the IPP working gruop at large. This is in order to save the
IPP WG time reviewing and trying to understand something that
is technically inaccurate. Carl Kugler at IBM has also
volunteered to help review and verify a security
negotitation proposal for IPP.
One of the ideas expressed in this document is that the
working group does not have to explicitly mandate the use
of HTTPS for a security scheme.
I will try to have this document out late next week.
Carl-Uno Manros wrote:
>> The decision to require SSL3 framing has a number of consequences which
> needs to be reflected in the Protocol document.
>> Where you speak about Encoding of Transport Layer (lines 350 - 357), you
> now need to say that we are using the combination of SSL3/HTTP. The default
> port for this is 443 (rather than 80), and the scheme for SSL3/HTTP is:
> https (rather than http). All Printer-URI and Job-URIs will now start with
> "https://">> Hope this reaches you in time to get these changes in.
>> Scott may need to check for similar changes in the Model document.
> Carl-Uno Manros
> Principal Engineer - Advanced Printing Standards - Xerox Corporation
> 701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
> Phone +1-310-333 8273, Fax +1-310-333 5514
> Email: manros at cp10.es.xerox.com