IPP> MOD - Proposed text for IPP Security Application Profile for

IPP> MOD - Proposed text for IPP Security Application Profile for

Tom Hastings hastings at cp10.es.xerox.com
Thu Dec 18 22:07:47 EST 1997


Here is the proposed text for the Security Application Profile for TLS
to be added to the Security Considerations section of the IPP Model
worked out by Randy Turner, Bob Herriot, Xavier Riley, Carl-Uno Manros,
Ira McDonald, John Wenn, and Tom Hastings.


Please send any comments immediately as Scott is editing this into the
Model document.




8.8   IPP Security Application Profile for TLS
 
      The IPP application profile for TLS follows the standard "Mandatory
      Cipher Suites" requirement as documented in the TLS specification
      [TLS].  Client implementations MUST NOT assume any other cipher 
      suites are supported by an IPP Printer object.


      A conforming IPP client MUST implement and support the "Mandatory 
      Cipher Suites" as specified in the TLS specification and MAY 
      support additional cipher suites.


      If a conforming IPP Printer object supports TLS, it MUST implement and 
      support the "Mandatory Cipher Suites" as specified in the TLS 
      specification and MAY support additional cipher suites.


      It is possible that due to certain government export restrictions 
      some non-compliant versions of this extension could be
      deployed.  Implementations wishing to interoperate with such non-
      compliant versions MAY offer the TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 
      mechanism.  However, since 40 bit ciphers are known to be vulnerable 
      to attack by current technology, any client which actives a 40 bit 
      cipher MUST NOT indicate to the user that the connection is completely 
      secure from eavesdropping.



More information about the Ipp mailing list