IPP Mail Archive: Re: IPP> Firewalls etc.

IPP Mail Archive: Re: IPP> Firewalls etc.

Re: IPP> Firewalls etc.

Carl-Uno Manros (manros@cp10.es.xerox.com)
Thu, 11 Jun 1998 13:34:33 PDT


A couple of comments on your comments.


At 01:00 PM 6/11/98 PDT, Scott Lawrence wrote:
>On Thu, 11 Jun 1998, Paul Moore wrote:
>> 1. A user inside a corporation sending print commands out into the
>> This is the one I was always talking about
>> 2. A printer inside a corporation being accessed from outside. It was clear
>> to me that this is what some others were talking about
>> #1 must work by default. I.e. if somebody on a web site or whatever has an
>> ipp URL then (provided I have the right client s/w installed) I should be
>> able to print to it, in the same way I can send email or browse a web
>I think that you'll find that many corporate IT managers would
>strenuously disagree. Your sending a print job from your desk could:
>- print company confidential documents in an unsecure place

How does this differ from sending the same document as an email attachment?

>- incur print charges on behalf of the company (if you are sending it to
> a commercial print shop)

This may be a desirable feature. You can be certain that the print shop
will require enough security to make sure that they will get paid for the
work by an authorized customer. Print shops see printing over the Internet
as a new business opportunity.

>Many firewalls I've used will allow ftp GET but disallow PUT for similar
>> This is the solution we have today. #1 works provided that the user can
>> onto the internet (usually true).
>IPP in its current form is (in my view) likely to make some people
>wonder about the wisdom of this.
>> #2 works because most networks dont allow
>> arbitrary inbound posts. This is true in routed cases and in proxy cases.
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com