IPP Mail Archive: Re: IPP> RE: Mandatory Delivery Method for

Re: IPP> RE: Mandatory Delivery Method for Notifications - Comments by April 15

From: Michael Sweet (mike@easysw.com)
Date: Mon Apr 01 2002 - 09:20:18 EST


    McDonald, Ira wrote:
    > ...
    > Security should be improved in both of the other optional IPP notification
    > delivery methods:
    >
    > 1) For SMTP notification, the use of S/MIME should be required
    > (S/MIME is only a MAY in the current draft).

    Except that most MUA's don't support S/MIME... :(

    > 2) For INDP notification, the use of TLS should be required
    > (TLS is only a MAY in the current draft).

    Again, I think that TLS, while a Good Thing (tm), introduces overhead
    that can make implementing IPP notifications impossible on the kind of
    devices it was originally targeted for...

    Making TLS a SHOULD is probably the strongest language we can use...

    > Neither of the optional methods is likely to pass IETF scrutiny with their
    > present security requirements and 'Security Considerations' sections.
    > Certainly not if chosen as the required IPP notification delivery method.
    > ...

    Encrypting a notification in an EMail won't make it any more secure.
    (I think SPAM/DoS issues are higher on the list than making sure that
    a notification is signed/validated; obviously the recipient can
    validate the notification themselves by looking at the printer,
    etc...)

    For INDP, TLS may improve security, however the current spec doesn't
    require authentication at all for incoming IPP operations, so
    encrypting the channel doesn't make INDP more secure by itself.

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products                  mike@easysw.com
    Printing Software for UNIX                       http://www.easysw.com
    



    This archive was generated by hypermail 2b29 : Mon Apr 01 2002 - 09:20:54 EST