attachment-0002
<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"><base href="x-msg://365/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Christoph,<div><br></div><div>WRT #3, most places I've seen that implement this in a number of ways:</div><div><br></div><div>1. Limit discovery to authorized devices by disabling mDNS and using managed directories (traditional DNS, LDAP, etc.)</div><div><br></div><div>2. Configure the clients to only accept specific certs or certs signed by specific CAs.</div><div><br></div><div>3. Configure the printer and client to use the same trusted authorization server (e.g. Kerberos/ActiveDirectory).</div><div><br></div><div>So while you might not authenticate the printer, you can lock down access to the printer to achieve much the same thing.</div><div><br></div><div><br><div><div>On 2013-02-20, at 1:47 AM, "Lindemann, Christoph" <<a href="mailto:Christoph.Lindemann@nuance.com">Christoph.Lindemann@nuance.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div lang="DA" link="blue" vlink="purple" style="font-family: Consolas; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div class="WordSection1" style="page: WordSection1; "><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -18pt; "><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><span>1)<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span></span><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Having the ”ds” key in the TXT record, might also create unnecessary network traffic, as the an update announcement MUST be send for any changes to the TXT record.<o:p></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -18pt; "><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><span>2)<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span></span><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">A lot of places it says “privet”, like “_printer._sub._privet._tcp.local” or “X-Privet-Token”. Should that be “private”?<o:p></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -18pt; "><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><span>3)<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span></span><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">In section 6.2 “Secure printing over local network” you might consider, how the client can authenticate the printer. Encryption does not help much, if your job gets send to the wrong printer.<o:p></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US" style="font-size: 9pt; font-family: Calibri, sans-serif; ">Christoph Lindemann</span><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; "><o:p></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US" style="font-size: 9pt; font-family: Calibri, sans-serif; ">Senior Software Developer, Imaging</span><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; "><o:p></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US" style="font-size: 9pt; font-family: Calibri, sans-serif; color: rgb(0, 153, 0); ">Nuance Communications, Inc.<o:p></o:p></span></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div style="border-style: none none none solid; border-left-width: 1.5pt; border-left-color: blue; padding: 0cm 0cm 0cm 4pt; "><div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(181, 196, 223); padding: 3pt 0cm 0cm; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span><a href="mailto:cloud-bounces@pwg.org" style="color: purple; text-decoration: underline; ">cloud-bounces@pwg.org</a><span class="Apple-converted-space"> </span>[mailto:cloud-<a href="mailto:bounces@pwg.org" style="color: purple; text-decoration: underline; ">bounces@pwg.org</a>]<span class="Apple-converted-space"> </span><b>On Behalf Of<span class="Apple-converted-space"> </span></b>Michael Sweet<br><b>Sent:</b><span class="Apple-converted-space"> </span>18. februar 2013 02:53<br><b>To:</b><span class="Apple-converted-space"> </span><a href="mailto:kdlucas@google.com" style="color: purple; text-decoration: underline; ">kdlucas@google.com</a><br><b>Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:cloud@pwg.org" style="color: purple; text-decoration: underline; ">cloud@pwg.org</a><br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [Cloud] Google's Local Discovery Draft Specification<o:p></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">Kelly,<o:p></o:p></span></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">Comments below...<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">On 2013-02-15, at 9:58 PM, kdLucas <</span><a href="mailto:kdlucas@google.com" style="color: purple; text-decoration: underline; "><span lang="EN-US">kdlucas@google.com</span></a><span lang="EN-US">> wrote:<o:p></o:p></span></div></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">Google has drafted a local discovery specification that is based loosely on mDNS. You may recall we asked for input on this while we were researching which protocol to use.<o:p></o:p></span></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">Here is our draft, and we'd appreciate any feedback you may have. We hope to implement this over the next few months so it would help if you provided comments within the next few weeks.<o:p></o:p></span></div></div></blockquote><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">OK, so some specific feedback:<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">0. Are you also aware of the work in the IETF to extend mDNS beyond subnets?<o:p></o:p></span></div></div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> (</span><a href="http://tools.ietf.org/html/draft-lynn-mdnsext-requirements-01" style="color: purple; text-decoration: underline; "><span lang="EN-US">http://tools.ietf.org/html/draft-lynn-mdnsext-requirements-01</span></a><span lang="EN-US">)<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">1. I'm not happy with the name of the "base_url" key; "server", "base", "url"? Shorter is better for TXT records.<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">2. The "type" key in the TXT record is unnecessary; clients can simply browse for the subtypes they are interested in and correlate using the service name.<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">3. The "id" key looks like a UUID. If so, it should be documented as such.<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">4. The "ds" key doesn't really belong here - TXT records don't generally get updated that frequently and typically have a TTL value of at least several minutes.<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">5. The "cs" key is probably ok since the connection state won't change that often, but I think having an explicit "cs=not-configured" value might be useful?<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">6. You specifically mention IPv4 link-local, but you also want IPv6 link-local, too, right?<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US">7. How does one provide a job ticket when printing directly to the printer?<o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US" style="font-size: 13.5pt; font-family: 'Andale Mono'; ">_________________________________________________________<br>Michael Sweet, Senior Printing System Engineer, PWG Chair<o:p></o:p></span></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"> </span></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span lang="EN-US"><br>--<span class="Apple-converted-space"> </span><br>This message has been scanned for viruses and<span class="Apple-converted-space"> </span><br>dangerous content by<span class="Apple-converted-space"> </span></span><a href="http://www.mailscanner.info/" style="color: purple; text-decoration: underline; "><b><span lang="EN-US">MailScanner</span></b></a><span lang="EN-US">, and is<span class="Apple-converted-space"> </span><br>believed to be clean.<o:p></o:p></span></div></div></div><br>--<span class="Apple-converted-space"> </span><br>This message has been scanned for viruses and<span class="Apple-converted-space"> </span><br>dangerous content by<span class="Apple-converted-space"> </span><a href="http://www.mailscanner.info/" style="color: purple; text-decoration: underline; "><b>MailScanner</b></a>, and is<span class="Apple-converted-space"> </span><br>believed to be clean. _______________________________________________<br>cloud mailing list<br><a href="mailto:cloud@pwg.org" style="color: purple; text-decoration: underline; ">cloud@pwg.org</a><br><a href="https://www.pwg.org/mailman/listinfo/cloud" style="color: purple; text-decoration: underline; ">https://www.pwg.org/mailman/listinfo/cloud</a><br></div></blockquote></div><br><div>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Andale Mono'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Andale Mono'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">_________________________________________________________<br>Michael Sweet, Senior Printing System Engineer, PWG Chair</div></span></span>
</div>
<br></div><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body></html>