Hi,
Note that our IETF ADs observed that there are serious security
flaws in the 'mailto' Delivery Method for IPP Notifications.
These will need to be addressed in any PWG-ISTO standard.
Simplified explanation: An IPP Printer MUST NOT accept any
subscription for 'mailto' notifications from an anonymous
IPP Job submitter - otherwise, the IPP Printer is a spam
engine. An IPP Printer SHOULD use an LDAP directory (or
other authoritative source) to ensure that the recipient
of IPP 'mailto' notifications is in fact the Job Owner.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Blue Roof Music / High North Inc
PO Box 221 Grand Marais, MI 49839
phone: +1-906-494-2434
email: imcdonald@sharplabs.com
-----Original Message-----
From: owner-ipp@pwg.org [mailto:owner-ipp@pwg.org]On Behalf Of Michael
Sweet
Sent: Thursday, January 06, 2005 7:16 AM
To: Bergman, Ron
Cc: ipp@pwg.org; Harry Lewis (E-mail)
Subject: Re: IPP> 'mailto' Delivery Method for IPP Notifications
Bergman, Ron wrote:
>
>
> Is there any interest in completion of this document as a PWG-ISTO
> standard?
Yes.
> I am willing to take on this task if there is even a moderate
> interest. At one time it appeared that several companies were
> planning to implement this feature so there should be some support
> for a proper sandard.
The CUPS implementation will be ready for testing very soon, based
on the last draft.
-- ______________________________________________________________________ Michael Sweet, Easy Software Products mike at easysw dot com Internet Printing and Publishing Software http://www.easysw.com
This archive was generated by hypermail 2b29 : Thu Jan 06 2005 - 19:13:04 EST