IPP Mail Archive: RE: IPP> 'mailto' Delivery Method for IPP

RE: IPP> 'mailto' Delivery Method for IPP Notifications

From: McDonald, Ira (imcdonald@sharplabs.com)
Date: Fri Jan 07 2005 - 13:57:29 EST

  • Next message: Michael Sweet: "Re: IPP> 'mailto' Delivery Method for IPP Notifications"

    Hi Gail,

    [Nice to hear from you!]

    The admin assistant use case still requires an LDAP verification
    of the target. Deploying a printer without this (even one that
    does NOT accept jobs from outside the enterprise) makes it a
    potential spam engine.

    The IETF ADs were right to complain about this. No printer
    vendor wants to figure prominently in the next CERT alert for
    security problems.

    I also think the admin assistant use case is a corner case. It's
    not what existing LPR email notifications do in the UNIX space
    (they reply to the job owner).

    Cheers,
    - Ira

    Ira McDonald (Musician / Software Architect)
    Blue Roof Music / High North Inc
    PO Box 221 Grand Marais, MI 49839
    phone: +1-906-494-2434
    email: imcdonald@sharplabs.com

    -----Original Message-----
    From: Gail Giansiracusa [mailto:ggiansiracusa@peerless.com]
    Sent: Friday, January 07, 2005 1:06 PM
    To: McDonald, Ira; Michael Sweet; Bergman, Ron
    Cc: ipp@pwg.org; Harry Lewis (E-mail)
    Subject: RE: IPP> 'mailto' Delivery Method for IPP Notifications

    Hi Ira,

    I believe that one of the design points was to allow notifications to be
    sent to a third party. The use case that was thrown around was the
    ability of the notification to be sent to an administrative assistant to
    be picked up.

    Gail (Songer) Giansiracusa
    Peerless Systems Corp
    ggiansiracusa@peerless.com
     

    -----Original Message-----
    From: owner-ipp@pwg.org [mailto:owner-ipp@pwg.org] On Behalf Of
    McDonald, Ira
    Sent: Thursday, January 06, 2005 4:13 PM
    To: 'Michael Sweet'; Bergman, Ron
    Cc: ipp@pwg.org; Harry Lewis (E-mail)
    Subject: RE: IPP> 'mailto' Delivery Method for IPP Notifications

    Hi,

    Note that our IETF ADs observed that there are serious security
    flaws in the 'mailto' Delivery Method for IPP Notifications.
    These will need to be addressed in any PWG-ISTO standard.

    Simplified explanation: An IPP Printer MUST NOT accept any
    subscription for 'mailto' notifications from an anonymous
    IPP Job submitter - otherwise, the IPP Printer is a spam
    engine. An IPP Printer SHOULD use an LDAP directory (or
    other authoritative source) to ensure that the recipient
    of IPP 'mailto' notifications is in fact the Job Owner.

    Cheers,
    - Ira

    Ira McDonald (Musician / Software Architect)
    Blue Roof Music / High North Inc
    PO Box 221 Grand Marais, MI 49839
    phone: +1-906-494-2434
    email: imcdonald@sharplabs.com

    -----Original Message-----
    From: owner-ipp@pwg.org [mailto:owner-ipp@pwg.org]On Behalf Of Michael
    Sweet
    Sent: Thursday, January 06, 2005 7:16 AM
    To: Bergman, Ron
    Cc: ipp@pwg.org; Harry Lewis (E-mail)
    Subject: Re: IPP> 'mailto' Delivery Method for IPP Notifications

    Bergman, Ron wrote:
    >
    >
    > Is there any interest in completion of this document as a PWG-ISTO
    > standard?

    Yes.

    > I am willing to take on this task if there is even a moderate
    > interest. At one time it appeared that several companies were
    > planning to implement this feature so there should be some support
    > for a proper sandard.

    The CUPS implementation will be ready for testing very soon, based
    on the last draft.

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products           mike at easysw dot com
    Internet Printing and Publishing Software        http://www.easysw.com
    



    This archive was generated by hypermail 2b29 : Fri Jan 07 2005 - 13:58:24 EST