IPP> Re: ADM - Draft minutes [client security issues]
Robert Herriot
Robert.Herriot at Eng.Sun.COM
Thu Dec 18 17:32:19 EST 1997
> From moore at cs.utk.edu Thu Dec 18 07:00:27 1997
>
> > The IETF ADs are just plain WRONG about this
> > one! Security should be a customer purchasing choice, not a "cost of
> > doing business using Internet 'standards track' protocols"! If IPP
> > actually does supplant LPR in the enterprise network (as we all hope)
> > MOST of the printers and clients will be configured WITHOUT security.
>
> We respectfully disagree. Internet standards specify requirements
> for interoperability over the entire Internet, not just in an
> enterprise network. Many enterprise networks also need security.
>
> Be assured that the requirement for strong, mandatory, interoperable
> authentication will not be changed.
>
Your comments above suggest to me that authentication (of a client) is
required and that privacy and mutual authentication are not.
So, would it be acceptable for IPP to drop TLS and require that all IPP
clients and servers support HTTP/1.1 digest authentication?
More information about the Ipp
mailing list