McDonald, Ira wrote:
> ...
> Security should be improved in both of the other optional IPP notification
> delivery methods:
>> 1) For SMTP notification, the use of S/MIME should be required
> (S/MIME is only a MAY in the current draft).
Except that most MUA's don't support S/MIME... :(
> 2) For INDP notification, the use of TLS should be required
> (TLS is only a MAY in the current draft).
Again, I think that TLS, while a Good Thing (tm), introduces overhead
that can make implementing IPP notifications impossible on the kind of
devices it was originally targeted for...
Making TLS a SHOULD is probably the strongest language we can use...
> Neither of the optional methods is likely to pass IETF scrutiny with their
> present security requirements and 'Security Considerations' sections.
> Certainly not if chosen as the required IPP notification delivery method.
> ...
Encrypting a notification in an EMail won't make it any more secure.
(I think SPAM/DoS issues are higher on the list than making sure that
a notification is signed/validated; obviously the recipient can
validate the notification themselves by looking at the printer,
etc...)
For INDP, TLS may improve security, however the current spec doesn't
require authentication at all for incoming IPP operations, so
encrypting the channel doesn't make INDP more secure by itself.
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com