IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

harryl at us.ibm.com harryl at us.ibm.com
Fri Apr 23 02:07:13 EDT 1999



LPR was considered a "standard" printing protocol for TCP/IP and was not
very well specified, so divergent implementations resulted in poor
interoperability. While the IETF position on new Internet protocols is loud
and clear (no new protocol with out lock, key and secret password), it does
conflict with one of the original goals of IPP which was developing a
"better" LPR. While better can be interpreted in many ways... more well
specified, better agreed to, accepted and implemented and greater proven
interoperability have to be high on the list. But LPR, at least, became
ubiquitous across network (TCP/IP) environments - big, small, "rich" and
"poor". This was an obvious (and stated) goal of the IETF in chartering IPP
and every PWG member in creating it. Short of this goal... we realize there
will always be the need for a surrogate print protocol which is contrary to
"reducing the number of moving parts".  Unfortunate, especially as IP
migrates "downward" into homes and peoples pockets.

Security is obviously one of the "hottest" issues of the age. We've got
phones that will screen the screener. Evolution of the phone system was
driven largely by business principles such that these security features are
optional and have a separate cost associated with them (thank goodness... I
prefer the old fashioned busy signal!). The Internet, while it drives
dollars, is guided by different principles. The current IETF model behaves
as if there won't be any security if it is not mandated into the evolving
infrastructure.

This, of course is not true. When there is a need there will be a solution.
An open, interoperable solution is the realm of the IETF. A mandated one is
not (in my opinion). I suspect that the IETF believes that,  as the
protocol suites migrate into shirt pockets and shoe laces, the cost of any
mandate is spread so thin that it becomes negligible. At least this view
might bring us sanely to the conclusion of this topic (and still achieve
the goal of an "Internet Standard"). It is interesting that the product
invoice will not show... "Internet Security Tax"... but then there's
probably all kinds of helpful airline regulations for which we would be
entirely grateful if we understood them which are buried in the cost of
travel to the next IETF meeting.

So, while there are clear alternatives (preferably -  define an Internet
security standard, assure that IPP interoperates and allow the market to
decide when, where and to what extent...) I am ready to cash in my chips,
accept that the IETF model (as I interpret it) is at least viable and
reemphasize the (long awaited) goal of establishing the next Internet
Standard for printing.

Harry Lewis
IBM Printing Systems
harryl at us.ibm.com





More information about the Ipp mailing list