IPP> Re: IPP Scheme

IPP> Re: IPP Scheme

Rich Gray RichG at digital-controls.com
Mon Jul 13 11:05:33 EDT 1998


> -----Original Message-----
> From: Keith Moore [mailto:moore at cs.utk.edu]
> Sent: Sunday, July 12, 1998 7:39 PM
> To: Randy Turner
> Cc: moore at cs.utk.edu; ipp at pwg.org; moore at cs.utk.edu
> Subject: IPP> Re: IPP Scheme 

[snips]

Keith writes:
> 
> With due respect, the IESG disagrees.  The layering of a new protocol
> over HTTP, and the proposed reuse of http: URLs, has 
> generated concerns
> about breaking widely-held assumptions - specifically, 
> firewall policies
> and assumptions about what http: means and how it is used.

What can one assume about http?  That it is the "browsing" application??
Using conventional http/html one can indeed browse a vast "library" of
information.  Many of us are now quite dependant upon this access.  But
one can also upload/download files, control routers and other gear
(including printers!), cop a peek at a porn site, get news & other
information, send and receive e-mail and all sorts of services that
imaginative people have managed to implement on these protocols.   So it
seems to me that the only meaning http: has it that it is Hypertext
Transport.  One cannot tell what is being transported.  It is not
possible to infer "application" based upon http:.  One would have to dig
into the content of the messages (or filter on hosts) to do much
effective blocking if one wanted to restrict http to a small set of
legitimate applications.   So it does not seem like this is much help
for the firewall administrator.  The barndoor is already pretty wide
open. 

MIME type would seem to provide a most adequate filtering hook for IPP
and other protocols which also wish to ride on http.  

> 
> Keith
> 

Another $.02,

Rich

Richard B. Gray, Sr. Software Egr.| Tel: 513/746-8118 ext. 2405
Digital Controls Corporation      | Fax: 513/743-8575
305 South Pioneer Blvd.           | Net: rich.gray at digital-controls.com
Springboro OH 45066-1100, USA     | Http://lpplus.digital-controls.com




More information about the Ipp mailing list