Here is the proposed text for the Security Application Profile for TLS
to be added to the Security Considerations section of the IPP Model
worked out by Randy Turner, Bob Herriot, Xavier Riley, Carl-Uno Manros,
Ira McDonald, John Wenn, and Tom Hastings.
Please send any comments immediately as Scott is editing this into the
8.8 IPP Security Application Profile for TLS
The IPP application profile for TLS follows the standard "Mandatory
Cipher Suites" requirement as documented in the TLS specification
[TLS]. Client implementations MUST NOT assume any other cipher
suites are supported by an IPP Printer object.
A conforming IPP client MUST implement and support the "Mandatory
Cipher Suites" as specified in the TLS specification and MAY
support additional cipher suites.
If a conforming IPP Printer object supports TLS, it MUST implement and
support the "Mandatory Cipher Suites" as specified in the TLS
specification and MAY support additional cipher suites.
It is possible that due to certain government export restrictions
some non-compliant versions of this extension could be
deployed. Implementations wishing to interoperate with such non-
compliant versions MAY offer the TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
mechanism. However, since 40 bit ciphers are known to be vulnerable
to attack by current technology, any client which actives a 40 bit
cipher MUST NOT indicate to the user that the connection is completely
secure from eavesdropping.