That should reference whatever the number becomes for the Draft Standard
version, not 2069; the older version doesn't define MD5-sess at all. I
haven't seen any change in status on the RFC editors queue for a while on
these. I believe that all the final edits have been to them for some time
now, so I would expect an RFC number before long.
> MD5 and MD5-sess MUST be implemented and supported.
> The Message Integrity feature NEED NOT be used.
Will you specify what values for 'qos' are acceptable? If you don't mandate
support for qos=auth-int, then the IPP message in the HTTP body is not
protected.