Hi Carl-Uno,
I support your proposal to make 'ippget' the mandatory IPP notifications
delivery method.
Note that the IPPFAX choice of 'ippget' was driven by the model of
emulation of "real" fax machines, which argued for in-band notification
via 'ippget'. That argument may not be as strong for IPP the general
print protocol (where out-of-band notifications have been traditional).
Security should be improved in both of the other optional IPP notification
delivery methods:
1) For SMTP notification, the use of S/MIME should be required
(S/MIME is only a MAY in the current draft).
2) For INDP notification, the use of TLS should be required
(TLS is only a MAY in the current draft).
Neither of the optional methods is likely to pass IETF scrutiny with their
present security requirements and 'Security Considerations' sections.
Certainly not if chosen as the required IPP notification delivery method.
Cheers,
- Ira McDonald
High North Inc
-----Original Message-----
From: Carl [mailto:carl at manros.com]
Sent: Saturday, March 30, 2002 3:30 PM
To: Carl; ipp at pwg.org
Subject: IPP> RE: Mandatory Delivery Method for Notifications - Comments
by April 15
Resend, with spelling corrected etc. The earlier message slipped away before
I had finished it.
All,
Ned Freed communicated in an earlier message to the IPP WG, that the IESG
found it unacceptable that we had not choosen ONE mandatory delivery method
for notifications. They would also like to see that delivery method mandate
the use of security.
As those of you who were around about two years ago remember, we could not
reach agreement about mandating any of the delivery methods.
However, in the meantime the members of the IPPFAX project in the Printer
Working Group has reached an agreement that they will require all IPPFAX
implementions to implement the 'ippget' delivery method, and it also
requires support for TLS security.
Hence, I would like to put up the following strawman proposal to the IPP WG
members to satisfy the IESG comments:
1) Change the main Notifiction document to require that 'ippget' delivery
MUST be included for all notification implementations, but any of the other
two methods can also be implemented as an option.
<draft-ietf-ipp-not-spec-08.txt>
2) Put that rule also into the three delivery method documents, so it is
crystal clear what the rule is.
<draft-ietf-ipp-notify-get-06.txt>
<draft-ietf-ipp-notify-mailto-04.txt>
<draft-ietf-ipp-indp-method-06.txt>
3) Further, in the 'ippget' delivery document, we specify that TLS security
MUST be supported.
<draft-ietf-ipp-notify-get-06.txt>
If we can reach agreement on this, I will instruct the IPP editor to
implement these changes.
I would like to get your reactions back on this proposal no later than April
15, 2002.
Carl-Uno Manros
Chair of IETF IPP WG
10701 S Eastern Ave #1117
Henderson, NV 89052, USA
Tel +1-702-617-9414
Fax +1-702-617-9417
Mob +1-310-251-7103
Email carl at manros.com