> From moore at cs.utk.edu Thu Dec 18 07:00:27 1997
>> > The IETF ADs are just plain WRONG about this
> > one! Security should be a customer purchasing choice, not a "cost of
> > doing business using Internet 'standards track' protocols"! If IPP
> > actually does supplant LPR in the enterprise network (as we all hope)
> > MOST of the printers and clients will be configured WITHOUT security.
>> We respectfully disagree. Internet standards specify requirements
> for interoperability over the entire Internet, not just in an
> enterprise network. Many enterprise networks also need security.
>> Be assured that the requirement for strong, mandatory, interoperable
> authentication will not be changed.
>
Your comments above suggest to me that authentication (of a client) is
required and that privacy and mutual authentication are not.
So, would it be acceptable for IPP to drop TLS and require that all IPP
clients and servers support HTTP/1.1 digest authentication?