For IPP 1.1 security (use of TLS), for the over the wire protocol, IPP is
happy with whatever standard methods exist (the leading contendor is HTTP
Upgrade: TLS/1.0 header). This avoids the extra security port problem by
negotiating a secure connection inside the normal connection.
Undecided is how a URL specifies that it should use a secure connection.
I'm in favor of using a "ipps://" scheme. The meaning is simple: when a
client sees a ipps: URI, it connects using the standard port with a
"Upgrade: TLS/1.0" header. This is analogous to the "https" scheme, which
connects using a special security port using the SSL handshake immediately.
This solution adds a new scheme, but no new ports.