IPP> review of IPP documents

IPP> review of IPP documents

Paul Moore paulmo at microsoft.com
Fri May 29 20:41:07 EDT 1998


You miss the point - I agree totally about the penetration issue. I think
this is a bad reason for doing anything.


The proxy issue is quite different - the most common scenario in commercial
networks is that the users are not connected to the Internet at all (hence
firewalls dont enter the debate). Proxies enable these users to access
internet resources. (this is not a terminology issue - they are
fundamentally differnt things). By making IPP use http:80 then IPP printer
become another Internet resource accessible via my proxy.


Punching a hole in the firewall is missing the point - they can do whatever
they like to the firewall - it does not change what I can access from my
desktop. My PC can only reach those things that my proxy knows how to deal
with. If I took the proxy away I could not reach anything. This is the
inverse case from the case where my desktop is connected to the internet via
a firewall - I you take the firewall out of the loop I would be able to do
anything.


I cannot ping your machine from my desktop, this has nothing to do with the
MS firewall settings.


> -----Original Message-----
> From:	Keith Moore [SMTP:moore at cs.utk.edu]
> Sent:	Friday, May 29, 1998 5:31 PM
> To:	Paul Moore
> Cc:	'Keith Moore'; ipp at pwg.org; moore at cs.utk.edu
> Subject:	Re: IPP> review of IPP documents 
> 
> > Typically (take MS for example). The firewall and the proxy are quite
> > differnt things. The proxy is an enabler and the firewall is a
> protector.
> 
> okay...slightly different use of terminology.
> 
> insisting on IPP using port 80 just to be able to tunnel through 
> firewalls/proxies simply will not fly ...it leads to an arms race.
> (not to mention that everybody will want to use port 80, which 
> is clearly unworkable)
> 
> if your employer wants you to be able to use external printers,
> they can punch a hole in their firewall, or add a proxy, to 
> allow you to talk to the default IPP port. 
> 
> we can't let the existence of NAT boxes dictate the whole architecture.
> 
> Keith



More information about the Ipp mailing list