IPP> SEC - Revised version of the security statements for IPP/1.1

IPP> SEC - Revised version of the security statements for IPP/1.1

IPP> SEC - Revised version of the security statements for IPP/1.1

Scott Lawrence lawrence at agranat.com
Mon May 10 10:23:36 EDT 1999



> 7.1 Security Conformance
>
> IPP clients MUST/SHOULD [which is to be determined in
> consultation with the
> Area Director] support:
>
> 	Digest Authentication [rfc2069].

That should reference whatever the number becomes for the Draft Standard
version, not 2069; the older version doesn't define MD5-sess at all.  I
haven't seen any change in status on the RFC editors queue for a while on
these.  I believe that all the final edits have been to them for some time
now, so I would expect an RFC number before long.

> 		MD5 and MD5-sess MUST be implemented and supported.
>             The Message Integrity feature NEED NOT be used.

Will you specify what values for 'qos' are acceptable?  If you don't mandate
support for qos=auth-int, then the IPP message in the HTTP body is not
protected.




More information about the Ipp mailing list