Re: IPP> Re: ADM - Draft minutes [client security issues]

Carl-Uno Manros (carl@manros.com)
Thu, 18 Dec 1997 02:48:41 -0800

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Harald.T.Alvestrand@uninett.no: "Re: IPP> Re: ADM - Draft minutes [client security issues]"
• Previous message: Tom Hastings: "Re: IPP> TES - January meeting"
• Maybe in reply to: imcdonal@eso.mc.xerox.com: "IPP> Re: ADM - Draft minutes [client security issues]"
• Next in thread: Harald.T.Alvestrand@uninett.no: "Re: IPP> Re: ADM - Draft minutes [client security issues]"

At 11:37 PM 12/17/97 -0500, you wrote:
>I've gotta say that I agree with Ira on the topic of mandatory
>support for security. Seems a bit extreme to require both ends
>of a comm session to perform a relatively heavy security dance
>when the customer does not wish to get involved with the
>attendant administration.
>
> ...jay
>
>Ira Mcdonald x10962 wrote:
>
>> My client s/w colleagues here at Xerox object STRONGLY to being told
>> that the "interoperability" problem belongs to clients, so that they
>> cannot build a simple client (without TLS) for intranet IPP printers
>> and claim conformance. The IETF ADs are just plain WRONG about this
>> one! Security should be a customer purchasing choice, not a "cost of
>> doing business using Internet 'standards track' protocols"! If IPP
>> actually does supplant LPR in the enterprise network (as we all hope)
>> MOST of the printers and clients will be configured WITHOUT security.

I will do my best to respond as we have not yet heard from any of the
Area Directors:

Jay's assumption that both clients and servers have to support
everything is false, only the clients have to support both servers that
use "HTTP security" and "TLS security". This was the compromise from
Washington DC.

The reason why the IETF is so stringent about security features is that
they are designing solutions for the INTERNET, they do not care about
INTRANETS. Part of the problem is that the press takes every opportunity
to criticize the "Internet" for its lack of security, which is threatening
the overall reputation of the whole Internet concept and has forced the
IETF to take somewhat extreme measures in response.

If, like Ira states, implementors react against some of the security
language in an IETF document, then they will implement an "almost conforming"
version without the security features they do not like. In the end, the
market decides what products you can sell at what price. My assumption
though is that customers will buy the "secure" versions, even if they cost
a bit more, as soon as the recently standardized IETF security features
become more generally available as products (which might take a couple of
years). So I think that we are debating a timing problem rather than a
technical problem.

Carl-Uno

• Next message: Harald.T.Alvestrand@uninett.no: "Re: IPP> Re: ADM - Draft minutes [client security issues]"
• Previous message: Tom Hastings: "Re: IPP> TES - January meeting"
• Maybe in reply to: imcdonal@eso.mc.xerox.com: "IPP> Re: ADM - Draft minutes [client security issues]"
• Next in thread: Harald.T.Alvestrand@uninett.no: "Re: IPP> Re: ADM - Draft minutes [client security issues]"

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster