IPP Mail Archive: Re: IPP> SEC: IPP 1.1 security (phone conference)

Re: IPP> SEC: IPP 1.1 security (phone conference)

Ira McDonald (imcdonal@sdsp.mc.xerox.com)
Wed, 3 Feb 99 09:10:08 EST

Hi John,

The IESG has firmly rejected specifying security by alternate
scheme names (e.g., 'https:'). The working agreement within
the IPP WG is that the security is NOT discoverable by direct
examination of the URI, but is found through a directory service
(such as LDAP) or service location protocol (such as SLP)
by examining the attribute 'uri-security-supported' which is
an ordered attribute parallel to the 'printer-uri-supported'
attribute.

Several IETF-chartered working groups have already been shot
down trying to use either 'xxxs:' scheme names or mandatory
parameters appended to URI.

Embedding security info in URI has gone completely out of
favor with the IESG.

Also IPP/1.1 systems MUST use 'ipp:' for their URI, per
our Area Directors and other IESG members.

The SLP 'printer:' template (and its future translation
into an LDAP 'printer:' schema) already supports advertising
these two IPP Printer object attributes and makes such
advertisement MANDATORY.

Cheers,
- Ira McDonald (outside consultant at Xerox)
(editor of SLP 'printer:' template)