IPP> Some observations from the IPP BOF in the IETF

IPP> Some observations from the IPP BOF in the IETF

Don Wright don at lexmark.com
Tue Dec 17 08:04:02 EST 1996 

is that if nothing is changed in the firewall, printing would
work.  If some paranoid companies want to prevent
printing to printers outside the company (I assume these
same companies have disabled all the scanners in
their fax machines, turned off outgoing e-mail and 
no longer allow outbound snail mail in opaque envelopes)
then they can get new firewall software or turn off HTTP
completely.  That is their policy decision.  For the rest of
us, we don't have to worry about getting a firewall update, 
loading new client software on thousands of machines, 
etc.  The intent is to make adding Internet printing support
easy for those that want it.




DON


To: babakj%MICROSOFT.com @ interlock.lexmark.com (Babak Jahromi) @ SMTP, 
cmanros%cp10.es.xerox.com @ interlock.lexmark.com ("'Carl-Uno Manros'") @ SMTP
cc: ipp%pwg.org @ interlock.lexmark.com ("'ipp at pwg.org'") @ SMTP (bcc: Don 
Wright)
From: manros%mindspring.com @ interlock.lexmark.com (Carl-Uno Manros) @ SMTP
Date: 12/16/96 11:06:35 PM
Subject: RE: IPP> Some observations from the IPP BOF in the IETF


At 08:06 PM 12/16/96 -0800, Babak Jahromi wrote:
>>7) Our concept of using HTTP to avoid Firewalls seem to be flawed.  I spoke
>>to several security specialists about it and they called us naive. They
>>pointed out that any firewall provider worth its salt would use IPP as a
>>good excuse to sell their customers a new version of their firewall -
>>whichever way we do it.
>>
>Carl,
>
>Could you be more specific here? If we stick to the basic HTTP, how can
>the firewall provider tell what the HTTP command really transporting?
>And how can they convince their customers that they need a new firewall
>that works better by poking into the HTTP commands to search for IPP
>stuff?
>
>Thanks,
>Babak
>


Babak,


The main argument given to me was that a number of security concious
organizations are prohibiting the delivery of data out from their
organization e.g. via FTP, while allowing HTTP on the basis that it is
normally used to get data in from the outside, but gives out very little
data.  If we start using IPP to send out big print files, these
organizations will start getting worried and looking for a stopgap solution,
until they find a way to dig into the HTTP flow for details. A short term
solution might be to quite simply have the firewall stop the use of HTTP
altogether.


Carl-Uno

More information about the Ipp mailing list