IPP> RE: Mandatory Delivery Method for Notifications - Comments by April 15

IPP> RE: Mandatory Delivery Method for Notifications - Comments by April 15

IPP> RE: Mandatory Delivery Method for Notifications - Comments by April 15

Michael Sweet mike at easysw.com
Wed Apr 10 08:31:30 EDT 2002


Carl wrote:
> Tom,
> 
> Your reply deviated on one point from my straw man proposal. The IESG would
> like to see security mandated. In the case of 'ippget' that means MANDATORY
> support for TLS (although it is RECOMMENDED in RFC 2910.
> ...

I think the IESG is off their rocker this time - mandatory support
for TLS with notifications doesn't provide any appreciable improvement
in security, especially since scenarios requiring the most
confidentiality (notifications over the Internet) may not be able
to support TLS upgrades due to firewall limitations.

It makes sense to require mandatory support for TLS in IPPFAX, but
IPPFAX != just IPP + IPP Notifications.

Perhaps some mention of the IPPFAX specs in the IPP Notifications
specs would be sufficient, along with the SHOULD/RECOMMENDED wording
in the current spec?

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com




More information about the Ipp mailing list