[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Meta-comment: use of "red" / "black" terminology...

IPsec provides a barrier through which traffic passes. There is an asymmetry to this barrier, which is reflected in the processing model. Outbound data, if not discarded or bypassed, is protected via the application of AH or ESP and the addition of the corresponding headers. Inbound data, if not discarded or bypasses, is processed via the removal of AH or ESP headers, after processing. We need to refer to inbound and outbound directions in discussion processing, and these directions have to be expressed relative to the sides of the IPsec barrier. Interfaces for an IPsec implementation, including the internal interface that a native, IPsec host implementation presents to applications, must be characterized relative to the side of the barrier on which the exist.

We could use "protected" for "red" and "unprotected" for "black" if that makes it easier for folks to remember.