IPP Mail Archive: RE: IPP> ADM - Reminder about job openings and home work ass

IPP Mail Archive: RE: IPP> ADM - Reminder about job openings and home work ass

RE: IPP> ADM - Reminder about job openings and home work ass

Randy Turner (rturner@sharplabs.com)
Sun, 26 Apr 1998 19:18:08 -0700

The fact that no one is shipping SNMPv3 today in printers is irrevelant.

No one is shipping IPP with security today either.

We are designing protocols that will have to last for a number of years, so
we have
to consider the way networks are managed today, as well as how they are likely
to be managed in the future.

Also, because we chose to make security optional in IPP 1.0, this means
that most embedded printer vendors probably will not implement it. And the
available security
methods available for SNMPv3 are more robust than "digest" or "basic" HTTP
authentication, which even these security mechanisms wouldn't even be
available
in something as "lightweight" as SDP.

Randy

At 02:55 PM 4/26/98 -0400, don@lexmark.com wrote:
>
>Randy Turner said:
>
>>What I would not like to hear from folks is..."well,SNMP has no security",
>and
>>"well, SNMP doesn't do traps reliably". If you read the minutes from the
>last
>>IETF Plenary in L.A, specifically the SNMPv3 WG minutes, SNMPv3
>implementation
>>and availability after 6 months at "proposed" is already past where v2 was
>>after two years at "proposed". The point is, we're designing stuff that
>probably
>>won't be deployed until 1999, when in network management circles SNMPv3
>will reach
>>the dominant position, if kept at its current pace of implementation.
>>
>>SNMPv3 has some of the same security mechanisms at IPP, and you are going
>>to have to reconcile these two models if you provide a backdoor to MIB
>>data, whether you are reading, or writing these objects.
>
>Gosh, let me count the number of printers that implement SNMPv3 ....
>
>-- ZERO !!
>
>Therefore if we allow access to the MIB Objects through IPP which includes
>TLS, I contend there are no security problem. Accesssing MIB objects using
>IPP would much, much more secure than accessing those same objects via the
>currently popular SNMPv1 implementations.
>
>
>**********************************************
>* Don Wright don@lexmark.com *
>* Product Manager, Strategic Alliances *
>* Lexmark International *
>* 740 New Circle Rd *
>* Lexington, Ky 40550 *
>* 606-232-4808 (phone) 606-232-6740 (fax) *
>**********************************************
>