Re: Meta-comment: use of "red" / "black" terminology...
IPsec provides a barrier through which traffic passes. There is an
asymmetry to this barrier, which is reflected in the processing
model. Outbound data, if not discarded or bypassed, is protected via
the application of AH or ESP and the addition of the corresponding
headers. Inbound data, if not discarded or bypassed, is processed
via the removal of AH or ESP headers, after processing. We need to
refer to inbound and outbound directions in discussing processing,
and these directions have to be expressed relative to the sides of
the IPsec barrier. Interfaces for an IPsec implementation, including
the internal interface that a native, IPsec host implementation
presents to applications, must be characterized relative to the side
of the barrier on which they exist.

We could use "protected" for "red" and "unprotected" for "black" if
that makes it easier for folks to remember.