[8] in Enterprise Print Delivery Team
Fwd: Re: Enterprise Printing Delivery, Meeting Notes, 12/2/1999
daemon@ATHENA.MIT.EDU (Mary Ellen Bushnell)
Tue Dec 14 10:04:34 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <v04020a05b47c0cb39506@[18.152.1.45]>
Date: Tue, 14 Dec 1999 10:04:25 -0500
To: printdel@MIT.EDU
From: Mary Ellen Bushnell <bushnell@MIT.EDU>
I've edited the Delivery Charter to reflect features that are desirable for
printers/devices - if not required. ME
>X-Warning: mitvma.mit.edu: Host PACIFIC-CARRIER-ANNEX.MIT.EDU claimed to be
> MIT.EDU
>Lines: 37
>Date: Wed, 8 Dec 1999 11:26:07 -0500
>Reply-To: Mike Whitson <mwhitson@MIT.EDU>
>Sender: MIT Enterprise Printing Delivery Project <PRINTDEL@mitvma.mit.edu>
>From: Mike Whitson <mwhitson@MIT.EDU>
>Subject: Re: Enterprise Printing Delivery, Meeting Notes, 12/2/1999
>To: PRINTDEL@mitvma.mit.edu
>
>"David F. Lambert" <LAMBERT@mitvma.mit.edu> writes:
>
>> >***The PRINTERS (or embedded devices) we get must support security,
>> >authentication, debugging, adding functionality, and include onboard
>> >decryption, and be willing to turn over source code.
>
>> Given the state of available products and alternative available
>> solutions for providing secured printing, I'd suggest the above is
>> desirable but not a "must".
>
>Much as I dearly wish it were feasible to have this as a requirement,
>I don't think it's possible. (Although this may change.) I wouldn't
>mind happy changing this to "If feasible, the printers/embedded
>devices should..."
>
>> Sensitive data today flows on the 18.92 W91 subnet and I believe
>> folks feel reasonably comfortable with this minimal exposure.
>
>What happens if someone cracks a host on 18.92? (Or a switch or
>router, which use cleartext passwords...) We have some sensitive
>cleartext data on 18.184 (the athena dialup subnet), but we're
>certainly not *comfortable* with it. I don't really like the idea of
>cleartext sensitive data flowing on any connected subnet.
>
>> Point-to-point attached printers is an option but clearly not as
>> desirable as network attached printers.
>
>> There has been some past talk of placing a print server in ODSUE's
>> space in bldg 11 which could handle the deencryption with ODSUE printers
>> directly attached to this remote server.
>
>Specifically, one would use a backend network or point-to-point
>connection for the unencrypted data, so that there would be no
>exposure of unencrypted data to the outside world. (This is basically
>what my draft security statement says.)
>
>-mike
>
