I've been working with the two Security area ADs to get the final IESG
approvals for draft-ietf-ipp-ops-set2. Steve Bellovin still had some
minor concerns with the second paragraph of the new Security
Considerations section (he said that he still found it hard to read), but
we can deal with that without requiring a new version of the document. I
can have the document approved with a note to the RFC Editor requesting
some minor changes. That being the case, here's how I wish to proceed:
Change this:
"Printer operations defined in this specification (see section 3) and
Pause-Printer, Resume-Printer, and Purge-Job (defined in [RFC2911])
are intended for use by an operator and/or administrator. Job
operations defined in this specification (see section 4) and Cancel-
Job, Hold-Job, Release-Job defined in [RFC2911]) are intended for use
by the job owner or may be an operator or administrator of the
Printer object. These operator and administrative operations affect
the service of all users. In appropriate use of an administrative
operation by an un-authenticated end user could affect the quality of
service for all users. Therefore, for both inter-net and intra-net,
conformance to this specification REQUIRES that initial configuration
of IPP Printer implementations MUST require successful certificate-
based TLS [RFC2246] client authentication and successful operator and
administrator authorization (see [RFC2911] sections 5.2.7 and 8 and
[RFC2910]) for any administrative operations defined in this
document. [RFC2910] REQUIRES the IPP Printer to support the minimum
cypher suite required for TLS/1.0. The means for authorizing an
operator or administrator of the Printer object are outside the scope
of this specification, [RFC2911], and [RFC2910]."
to this:
"Printer operations defined in this specification (see section 3) and
Pause-Printer, Resume-Printer, and Purge-Job (defined in [RFC2911]) are
intended for use by an operator and/or administrator. Job operations
defined in this specification (see section 4) and Cancel-Job, Hold-Job, and
Release-Job (defined in [RFC2911]) are intended for use by the job owner,
operator, or administrator of the Printer object. These operator and
administrative operations affect service for all users.
Inappropriate use of an administrative operation by an unauthenticated end
user can affect the quality of service for all users. Therefore, IPP
Printer implementations MUST require both successful certificate-based TLS
[RFC2246] client authentication and successful operator/administrator
authorization (see [RFC2911] sections 5.2.7 and 8 and [RFC2910]) to perform
the administrative operations defined in this document. [RFC2910] requires
the IPP Printer to support the minimum cipher suite specified for TLS/1.0.
The means for authorizing an operator or administrator of the Printer object
are outside the scope of this specification, RFC 2910, and RFC 2911."
In addition, a normative reference to RFC 2119 will need to be added. The
"change history" comment at the end of the list of informative references
will need to be removed.
Please let me know ASAP if there are any objections to this approach. if
not, I will ask the IESG to approve the document with the RFC Editor note
included.
-Scott-