IPP Mail Archive: IPP> Final Editing Steps for draft-ietf-ip

IPP> Final Editing Steps for draft-ietf-ipp-ops-set2

From: Scott Hollenbeck (sah@428cobrajet.net)
Date: Thu Jul 29 2004 - 14:02:07 EDT

    I've been working with the two Security area ADs to get the final IESG
    approvals for draft-ietf-ipp-ops-set2. Steve Bellovin still had some
    minor concerns with the second paragraph of the new Security
    Considerations section (he said that he still found it hard to read), but
    we can deal with that without requiring a new version of the document. I
    can have the document approved with a note to the RFC Editor requesting
    some minor changes. That being the case, here's how I wish to proceed:

    Change this:

    "Printer operations defined in this specification (see section 3) and
    Pause-Printer, Resume-Printer, and Purge-Job (defined in [RFC2911])
    are intended for use by an operator and/or administrator. Job
    operations defined in this specification (see section 4) and Cancel-
    Job, Hold-Job, Release-Job defined in [RFC2911]) are intended for use
    by the job owner or may be an operator or administrator of the
    Printer object. These operator and administrative operations affect
    the service of all users. In appropriate use of an administrative
    operation by an un-authenticated end user could affect the quality of
    service for all users. Therefore, for both inter-net and intra-net,
    conformance to this specification REQUIRES that initial configuration
    of IPP Printer implementations MUST require successful certificate-
    based TLS [RFC2246] client authentication and successful operator and
    administrator authorization (see [RFC2911] sections 5.2.7 and 8 and
    [RFC2910]) for any administrative operations defined in this
    document. [RFC2910] REQUIRES the IPP Printer to support the minimum
    cypher suite required for TLS/1.0. The means for authorizing an
    operator or administrator of the Printer object are outside the scope
    of this specification, [RFC2911], and [RFC2910]."

    to this:

    "Printer operations defined in this specification (see section 3) and
    Pause-Printer, Resume-Printer, and Purge-Job (defined in [RFC2911]) are
    intended for use by an operator and/or administrator. Job operations
    defined in this specification (see section 4) and Cancel-Job, Hold-Job, and
    Release-Job (defined in [RFC2911]) are intended for use by the job owner,
    operator, or administrator of the Printer object. These operator and
    administrative operations affect service for all users.

    Inappropriate use of an administrative operation by an unauthenticated end
    user can affect the quality of service for all users. Therefore, IPP
    Printer implementations MUST require both successful certificate-based TLS
    [RFC2246] client authentication and successful operator/administrator
    authorization (see [RFC2911] sections 5.2.7 and 8 and [RFC2910]) to perform
    the administrative operations defined in this document. [RFC2910] requires
    the IPP Printer to support the minimum cipher suite specified for TLS/1.0.
    The means for authorizing an operator or administrator of the Printer object
    are outside the scope of this specification, RFC 2910, and RFC 2911."

    In addition, a normative reference to RFC 2119 will need to be added. The
    "change history" comment at the end of the list of informative references
    will need to be removed.

    Please let me know ASAP if there are any objections to this approach. If
    not, I will ask the IESG to approve the document with the RFC Editor note
    included.

    -Scott-



    This archive was generated by hypermail 2b29 : Thu Jul 29 2004 - 14:02:53 EDT