Re: Meta-comment: use of "red" / "black" terminology...

At 11:27 -0500 11/10/03, Theodore Ts'o wrote:
One comment which Barbara and I noticed in many of the 2401 issues is
the use of the terms "red-side", "black-side", "red-to-black", etc.

To date these terms have not been used in the IPsec RFCs and I-Ds, and
I'd like to suggest that perhaps we should be careful not to introduce
them.  The reasons for this are two-fold.  First of all, it introduces
additional specialized lingo which may make the documents more difficult
to read.  Secondly, "red" and "black" primarily only make sense in the
case of a security gateway, and do not necessarily make much sense in a
peer-to-peer configuration.  There is at least one example where the use
of "red" and "black" lingo has also been accompanied by diagrams that
only address the use of IPsec in tunnel mode and assume the VPN/Security
gateway model.


- Ted

The terms are applicable in all 4 examples of IPsec implementations, and in transport and tunnel mode. The terms are thoroughly relevant to peer-to-peer use of IPsec.

One might prefer better names, but not for most of the reasons you cite.