IPP Mail Archive: Re: IPP> Re: SEC - IPP Security Requirements

Re: IPP> Re: SEC - IPP Security Requirements

Carl-Uno Manros (carl@manros.com)
Fri, 05 Sep 1997 07:25:51 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: papowell@astart.com: "Re: IPP>MOD Why use Job-Id instead of Job-URI for Jobs?"
Previous message: Roger K Debry: "Re: IPP>MOD Why use Job-Id instead of Job-URI for Jobs?"
Maybe in reply to: Harald.T.Alvestrand@uninett.no: "IPP> Re: SEC - IPP Security Requirements"
Next in thread: Harald.T.Alvestrand@uninett.no: "Re: IPP> Re: SEC - IPP Security Requirements"

At 08:26 PM 9/4/97 +0200, Harald.T.Alvestrand@uninett.no wrote:
>Keith is doing fine.....
>
>two things:
>
>1) IPP has to ANALYZE risks of using IPP on the open Internet (NOT behind
> firewalls or in "spammable" environments)

Done that already!

>
> IPP must then DEFINE how a reasonable number of these risks can be defended
> against using security mechanisms, and REQUIRE that valid IPP
>implementations
> implement at least a minimum set of these
>

This is where we need to firm up on our design.

> The USER of an IPP device can then decide to use or not to use those
> security mechanisms.
>

Yep. Question is only how - by negotiation outside the security protocols?

>2) I'd like you to tell me which security lists are discussing SASL; it
> seems that the list set up to discuss SASL is either totally dead or
> I've fallen off it. We need to know!
>

Check the TLS list for the last couple of weeks.

>Thanks for your help!
>
> Harald A
>

Regards,

Carl-Uno

Next message: papowell@astart.com: "Re: IPP>MOD Why use Job-Id instead of Job-URI for Jobs?"
Previous message: Roger K Debry: "Re: IPP>MOD Why use Job-Id instead of Job-URI for Jobs?"
Maybe in reply to: Harald.T.Alvestrand@uninett.no: "IPP> Re: SEC - IPP Security Requirements"
Next in thread: Harald.T.Alvestrand@uninett.no: "Re: IPP> Re: SEC - IPP Security Requirements"