IPP Mail Archive: Re: IPP> Re: ADM - Draft minutes [client security issues]

Re: IPP> Re: ADM - Draft minutes [client security issues]

Robert Herriot (Robert.Herriot@Eng.Sun.COM)
Thu, 18 Dec 1997 14:32:19 -0800

> From moore@cs.utk.edu Thu Dec 18 07:00:27 1997
>
> > The IETF ADs are just plain WRONG about this
> > one! Security should be a customer purchasing choice, not a "cost of
> > doing business using Internet 'standards track' protocols"! If IPP
> > actually does supplant LPR in the enterprise network (as we all hope)
> > MOST of the printers and clients will be configured WITHOUT security.
>
> We respectfully disagree. Internet standards specify requirements
> for interoperability over the entire Internet, not just in an
> enterprise network. Many enterprise networks also need security.
>
> Be assured that the requirement for strong, mandatory, interoperable
> authentication will not be changed.
>

Your comments above suggest to me that authentication (of a client) is
required and that privacy and mutual authentication are not.

So, would it be acceptable for IPP to drop TLS and require that all IPP
clients and servers support HTTP/1.1 digest authentication?