IPP Mail Archive: (no subject)

(no subject)

From: kugler@us.ibm.com
Date: Wed Jun 21 2000 - 17:39:49 EDT

Next message: kugler@us.ibm.com: "Re: IPP> TES: Mandatory IPP notification agreement"

Previous message: Richard Shockey: "IPP> Re: IFX> Some current Internet FAX refs - RFCs and I-Ds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Zehler, Peter" <Peter.Zehler@u...> wrote:
...
> My preference is that INDP be mandated. I feel that programmatic
> notification is critical to the development of robust IPP applications.
One
> of those applications would be QUALDOCS. In the definition of IPP, and
its
> associated notification mechanism, I am concerned primarily with client
> /server communications. End user notification, while useful, is not my
> primary objective. It is true that infrastructure will have to be
> configured to allow this traffic to pass. The same is true of outbound
IPP
> requests. I imagine that most of our printers will also implement mailto.
I
> have no objections to allowing both, but I think only one should be
> mandated.
>
...

Actually, in many cases the infrastructure does not have to be configured
to allow outbound IPP requests. I've always been able to connect to IPP
Printers on the Internet with an IPP client here inside the IBM firewall.
(In fact, I remember connecting my client to your Printer a few years ago!)
We run a SOCKS Internet gateway here, and I can make a TCP connection to
any host:port on the Internet.

"McDonald, Ira" <imcdonald@s...> wrote:
...
> Lastly, Peter you jumped from port filtering by firewalls
> to MIME type filtering - but the latter requires that the
> firewall have an Application Layer Gateway (ALG) to figure
> out the protocol and THEN to find the MIME type inside the
> protocol envelope.
>
> Personally, I agree with Henrik about selecting email as
> the IPP mandatory notification method.
>

Most firewalls allow insiders to make outbound connections (perhaps
indirectly), but prevent outsiders from making inbound connections. Very
few corporate firewall administrators would be willing to simply open a
port and allow anybody to make inbound connections to arbitrary addresses
inside the firewall. Here at IBM, making an inbound connection requires
full-blown authentication, encryption, one-time passwords, etc. (by
strictly enforced corporate policy). We use Aventail for this. Also, in
many cases, machines inside a firewall are simply not addressable from
outside, due to network address translation (NAT), IP Masquerading, Windows
connection sharing, etc. You'd need a really sophisticated
application-level gateway to deal with these issues.

-Carl

Next message: kugler@us.ibm.com: "Re: IPP> TES: Mandatory IPP notification agreement"
Previous message: Richard Shockey: "IPP> Re: IFX> Some current Internet FAX refs - RFCs and I-Ds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Jun 21 2000 - 17:49:36 EDT