In our discussion we are referencing the need to authenticate
the message body. I didn't think this was part of Keith's request.
I'm sure Keith referred strictly to user authentication of a limited
set of users as a minimum requirement.
>>- there is not currently a requirement to provide protection
> of the content - i.e. encryption is not required of a minimal
>>- this doesn't quite mean that all clients and servers have to
> support algorithm X. the requirement could be met by requiring
> all clients to support algorithms X and Y, and requiring all
> servers to support either X or Y or both.
>>- there's not even a requirement that the device be able to
> support an arbitrary number of users.
IBM Printing Systems
harryl at us.ibm.com