Keith Moore wrote:
>> > > 1) Both Basic and Digest are OPTIONAL for use with HTTP/1.1
> > > ...
> >
> > Then may I respectfully suggest that we make them OPTIONAL for IPP
> > as well? If the IETF approves the HTTP/1.1 with that wording,
> > then certainly IPP/1.1 will get approved...
>> Nope. HTTP and IPP are different problem spaces. The need for
> authentication in IPP has nothing to do with the need for
> authentication in HTTP.
Given that HTTP supports a much broader range of applications than
IPP, I'm not sure I understand your logic here. Granted, you can
tie up a printer by sending an unauthorized print job, but how is
that different in severity to cracking a system through POST/PUT
operations?
Mandatory authentication only provides protection against unwanted
print jobs; it doesn't prevent other types of DoS attacks.
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com