There doesn't seem to be a strong requirement from the IESG to improve
security in the other two delivery methods, provided we decide to mandate
'ippget' with TLS.
However, in Ned's previous note he points out that we still have some
problems with our description of how to use S/MIME in the email delivery
method. This needs fixing independently if we step up the security for that
delivery method or not.
10701 S Eastern Ave #1117
Henderson, NV 89052, USA
Email carl at manros.com
> -----Original Message-----
> From: McDonald, Ira [mailto:imcdonald at sharplabs.com]
> Sent: Sunday, March 31, 2002 2:17 PM
> To: 'Carl'; ipp at pwg.org> Subject: RE: IPP> RE: Mandatory Delivery Method for Notifications -
> Comments by April 15
>>> Hi Carl-Uno,
>> I support your proposal to make 'ippget' the mandatory IPP notifications
> delivery method.
>> Note that the IPPFAX choice of 'ippget' was driven by the model of
> emulation of "real" fax machines, which argued for in-band notification
> via 'ippget'. That argument may not be as strong for IPP the general
> print protocol (where out-of-band notifications have been traditional).
>> Security should be improved in both of the other optional IPP
> delivery methods:
>> 1) For SMTP notification, the use of S/MIME should be required
> (S/MIME is only a MAY in the current draft).
> 2) For INDP notification, the use of TLS should be required
> (TLS is only a MAY in the current draft).
>> Neither of the optional methods is likely to pass IETF scrutiny with their
> present security requirements and 'Security Considerations' sections.
> Certainly not if chosen as the required IPP notification delivery method.
> - Ira McDonald
> High North Inc
>> -----Original Message-----
> From: Carl [mailto:carl at manros.com]
> Sent: Saturday, March 30, 2002 3:30 PM
> To: Carl; ipp at pwg.org> Subject: IPP> RE: Mandatory Delivery Method for Notifications - Comments
> by April 15
>>> Resend, with spelling corrected etc. The earlier message slipped
> away before
> I had finished it.
>> Ned Freed communicated in an earlier message to the IPP WG, that the IESG
> found it unacceptable that we had not choosen ONE mandatory
> delivery method
> for notifications. They would also like to see that delivery
> method mandate
> the use of security.
>> As those of you who were around about two years ago remember, we could not
> reach agreement about mandating any of the delivery methods.
>> However, in the meantime the members of the IPPFAX project in the Printer
> Working Group has reached an agreement that they will require all IPPFAX
> implementions to implement the 'ippget' delivery method, and it also
> requires support for TLS security.
>> Hence, I would like to put up the following strawman proposal to
> the IPP WG
> members to satisfy the IESG comments:
>> 1) Change the main Notifiction document to require that 'ippget' delivery
> MUST be included for all notification implementations, but any of
> the other
> two methods can also be implemented as an option.
>> 2) Put that rule also into the three delivery method documents, so it is
> crystal clear what the rule is.
>> 3) Further, in the 'ippget' delivery document, we specify that
> TLS security
> MUST be supported.
>> If we can reach agreement on this, I will instruct the IPP editor to
> implement these changes.
>> I would like to get your reactions back on this proposal no later
> than April
> 15, 2002.
>> Carl-Uno Manros
> Chair of IETF IPP WG
>> 10701 S Eastern Ave #1117
> Henderson, NV 89052, USA
> Tel +1-702-617-9414
> Fax +1-702-617-9417
> Mob +1-310-251-7103
> Email carl at manros.com>>