I'm with Tom on this. Most printers/print servers don't currently
support TLS. So why would we want to force the printer/print server to
implement TLS just for notification sake? If the print data can be raw.
why do we have to force notification information to be "secure".
Sr. Software Engineer
Novell, Inc., the leading provider of Net services software
>>> "Hastings, Tom N" <email@example.com> 04/10/02 05:41PM
I would be willing to go along with REQUIRING TLS if the Printer
(implements) notification. However, I suspect that this will
support of even the simple IPPGET. But more importantly, I don't
why it is any more important to have security when you support IPPGET
notification than if you don't support notification. In other words,
don't see why the security requirements should be higher for a Printer
supports notification than for one that doesn't.
So I'd like to ask the IESG why we can't have the same TLS requirements
Printers that support (implement) Notification as ones that don't,
they approved RFC2910 with TLS only being RECOMMENDED for support
From: Carl [mailto:firstname.lastname@example.org]
Sent: Tuesday, April 09, 2002 19:48
To: Hastings, Tom N
Subject: RE: IPP> RE: Mandatory Delivery Method for Notifications -
Comments by April 15
Your reply deviated on one point from my straw man proposal. The IESG
like to see security mandated. In the case of 'ippget' that means
support for TLS (although it is RECOMMENDED in RFC 2910.
Are you prepared to go along with that (which I understand is already
case for IPPFAX)?
10701 S Eastern Ave #1117
Henderson, NV 89052, USA
> -----Original Message-----
> From: email@example.com [mailto:firstname.lastname@example.org]On Behalf Of
> Tom N
> Sent: Tuesday, April 09, 2002 6:32 PM
> To: Carl
> Cc: email@example.com
> Subject: RE: IPP> RE: Mandatory Delivery Method for Notifications -
> Comments by April 15
> I support the proposal to REQUIRE a Notification Delivery Method so
> interoperability between a conforming client and a conforming Printer
> enhanced for Notifications.
> I also support the proposal to make IPPGET be that REQUIRED
> Delivery Method
> by changing the IPP Notifications and Subscriptions document (which
> OPTIONAL IPP extension document) in the following ways:
> 1. REQUIRE that a Printer support the IPPGET Delivery Method, if
> the Printer
> supports IPP Notifications.
> 2. REQUIRE that a client support the IPPGET Delivery Method, if
> it supports
> IPP Notifications.
> 3. RFC 2910 already RECOMMENDs that a Printer support TLS, so saying
> same thing in the Notifications and Subscriptions document would be
> redundant, but we could still do that.
> Compared to our other two Delivery Methods (MAILTO and INDP), the
> Delivery Method has the following advantages:
> a. it is the easiest Delivery Method to support
> b. it is in-band so it doesn't create any additional firewall
> c. it is also useful for LAN job submission (with no firewall)
> d. it doesn't create any more administrative problems
> e. it is REQUIRED for IPPFAX conformance.
> f. and doesn't have any SPAM problems (since the job submitter is
> and/or keeping a channel open for notification events).
> The IPPGET spec also should be changed:
> 4. We should also change the IPPGET spec itself from its current
> "RECOMMENDED" to "REQUIRED" as a Delivery Method for an IPP Printer
> -----Original Message-----
> From: Carl [mailto:firstname.lastname@example.org]
> Sent: Saturday, March 30, 2002 13:30
> To: Carl; email@example.com
> Subject: IPP> RE: Mandatory Delivery Method for Notifications -
> by April 15
> Resend, with spelling corrected etc. The earlier message slipped
> away before
> I had finished it.
> Ned Freed communicated in an earlier message to the IPP WG, that the
> found it unacceptable that we had not choosen ONE mandatory
> delivery method
> for notifications. They would also like to see that delivery
> method mandate
> the use of security.
> As those of you who were around about two years ago remember, we
> reach agreement about mandating any of the delivery methods.
> However, in the meantime the members of the IPPFAX project in the
> Working Group has reached an agreement that they will require all
> implementions to implement the 'ippget' delivery method, and it also
> requires support for TLS security.
> Hence, I would like to put up the following strawman proposal to
> the IPP WG
> members to satisfy the IESG comments:
> 1) Change the main Notifiction document to require that 'ippget'
> MUST be included for all notification implementations, but any of
> the other
> two methods can also be implemented as an option.
> 2) Put that rule also into the three delivery method documents, so it
> crystal clear what the rule is.
> 3) Further, in the 'ippget' delivery document, we specify that
> TLS security
> MUST be supported.
> If we can reach agreement on this, I will instruct the IPP editor to
> implement these changes.
> I would like to get your reactions back on this proposal no later
> than April
> 15, 2002.
> Carl-Uno Manros
> Chair of IETF IPP WG
> 10701 S Eastern Ave #1117
> Henderson, NV 89052, USA
> Tel +1-702-617-9414
> Fax +1-702-617-9417
> Mob +1-310-251-7103
> Email firstname.lastname@example.org
This archive was generated by hypermail 2b29 : Thu Apr 11 2002 - 10:23:42 EDT