IPP Mail Archive: IPP> Article on Keeping Your Internet Investment Safe in September Issue of Network Computing

IPP> Article on Keeping Your Internet Investment Safe in September Issue of Network Computing

Carl-Uno Manros (carl@manros.com)
Sun, 27 Sep 1998 23:16:05 -0700

Robert,

As chair of the IETF IPP WG I read your article in Network Computing with
big interest.

I think that the article in general was a good wake-up call for firewall
administrators.

I am a little less happy about you using the emerging IPP standard as a
potentially bad example. It is true that IPP will make use of the HTTP
protocol for transfer and as such creates a slightly new animal in the
Internet Kingdom. However, the WG made no secret about this right from its
inception in March of 1997. It is therefore a bit disappointing to get this
kind of criticism from an IAB Member some 18 months later and not over the
established IETF channels, but in the form of an article in a commercial
magazine.

To bring you up to date on the current status of IPP, we introduced a new
default port 631 for IPP in our drafts dated June 30, to make IPP traffic
more easily distinguishable and filterable in current firewall software.
This is a change which I believe everybody has embraced and fully supports.
Another proposal from our Area Directors to introduce a separate URL scheme
for IPP, mainly for end user consumption, as the http URL scheme would still
be used for transfers, is still seen with skepticism from many IPP
implementors.

The people who initiated the IPP project in the IETF had as their major
objective to create ONE agreed method to do printing over the Internet. Back
in 1996, it looked like we would get half a dozen or more different
solutions from various vendors, many of which would have used HTTP in their
own private way.

I am glad to inform you that the Printer Working Group last week held an
inter-operability testing event with 8 different client implementations and
16 different server implementations, from key vendors in the printer
business, with astonishing good test results. Most everybody already
supported the new default port 631 and in many cases the printer
implementations returned an HTML page with useful information if the user
tried to put the IPP URL (in the current http:// format) into a web browser.
This is seen by many as offering more user friendliness than an ipp://
scheme which would only return an HTTP error code.

Anyway, I think you can calm down the worries that you might have invoked
among the Network Computing readers concerning IPP, and point out that they
should install their printers on the default port 631 to distinguish them
easily in firewalls. They can obviously also be filtered on TCP/IP address
or by simply putting printers for external access outside the firewall. As
IPP implementors, we are currently in the process of educating the major
firewall vendors about IPP, so it should come as no surprise to anybody when
customers start seeing IPP implementations showing up in the coming year.

Regards,

Carl-Uno Manros