Carl wrote:
> Tom,
>> Your reply deviated on one point from my straw man proposal. The IESG would
> like to see security mandated. In the case of 'ippget' that means MANDATORY
> support for TLS (although it is RECOMMENDED in RFC 2910.
> ...
I think the IESG is off their rocker this time - mandatory support
for TLS with notifications doesn't provide any appreciable improvement
in security, especially since scenarios requiring the most
confidentiality (notifications over the Internet) may not be able
to support TLS upgrades due to firewall limitations.
It makes sense to require mandatory support for TLS in IPPFAX, but
IPPFAX != just IPP + IPP Notifications.
Perhaps some mention of the IPPFAX specs in the IPP Notifications
specs would be sufficient, along with the SHOULD/RECOMMENDED wording
in the current spec?
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com