IPP> 'mailto' Delivery Method for IPP Notifications
imcdonald at sharplabs.com
Thu Jan 6 19:12:32 EST 2005
Note that our IETF ADs observed that there are serious security
flaws in the 'mailto' Delivery Method for IPP Notifications.
These will need to be addressed in any PWG-ISTO standard.
Simplified explanation: An IPP Printer MUST NOT accept any
subscription for 'mailto' notifications from an anonymous
IPP Job submitter - otherwise, the IPP Printer is a spam
engine. An IPP Printer SHOULD use an LDAP directory (or
other authoritative source) to ensure that the recipient
of IPP 'mailto' notifications is in fact the Job Owner.
Ira McDonald (Musician / Software Architect)
Blue Roof Music / High North Inc
PO Box 221 Grand Marais, MI 49839
email: imcdonald at sharplabs.com
From: owner-ipp at pwg.org [mailto:owner-ipp at pwg.org]On Behalf Of Michael
Sent: Thursday, January 06, 2005 7:16 AM
To: Bergman, Ron
Cc: ipp at pwg.org; Harry Lewis (E-mail)
Subject: Re: IPP> 'mailto' Delivery Method for IPP Notifications
Bergman, Ron wrote:
> Is there any interest in completion of this document as a PWG-ISTO
> I am willing to take on this task if there is even a moderate
> interest. At one time it appeared that several companies were
> planning to implement this feature so there should be some support
> for a proper sandard.
The CUPS implementation will be ready for testing very soon, based
on the last draft.
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Publishing Software http://www.easysw.com
More information about the Ipp