At 01:43 PM 12/19/97 +0100, Harald.T.Alvestrand at uninett.no wrote:
>>moore at cs.utk.edu said:
>> The alternative is for IPP to convince IESG that digest
>> authentication alone really is adequate for a wide variety of printer
>> authentication scenarios. I won't claim that it cannot be done,
>> but offhand, I don't see how to do this.
>>The third alternative is, of course, to claim that the WG is now convinced
>that it's acceptable for an IPP client to be unable to print on any
>printer that requires non-shared-secret authentication.
>This did not seem to be the consensus in Washington, but after all,
>the list, not the meeting, is the final arbiter of IETF WG consensus.
>>Remember - you are the domain experts who are supposed to know what the
>requirements for a print protocol are; the IESG requirement is that:
>>- It's possible for all conformant implementations to be able to
> interwork, if configured to do so
>- Whatever functions must be implemented use neither cleartext passwords
> nor encumbered technology, if possible
>>If ability of a client to print on a TLS-only-configured printer is not
>in your requirements set, then that should not be a requirement.
>> Harald A
It seems that Harald has a more liberal view on this than Keith. This seems
to open up the possibility to to recommend that all clients SHOULD support
TLS, but not make it an absolute MUST.