[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Meta-comment: use of "red" / "black" terminology...



>So, again, what  is your point?

I think Ted T'so has covered it, but if this is a serious question:

    That the "red/black" terminology is overloaded, it doesn't mean
to some of us what it apparently means to you, that its overloaded in
ways likely to yield unwanted misunderstandings and negative
consequences, on two or three different levels of (mis)understanding.


I'll take your word that *you* use "red"/"black" the way you say you
do. I don't believe that's how its more widely understood.  (If memory
serves, Padlipsky commented that people like -- well, like you by
name, who knew what the DoD wanted from security, couldn't talk about
that to the ISORMites. So appealing to 25-year-old DoD practice, while
helpful to *you*, may understandably not be how most of us see it.
In that context, I'm even willing to stand by non-sequitur).

I beleive that "red"/"black" is much more likely to be taken as
meaning the same as the "internal"/"external" or "trusted" /
"untrusted" division of a security-gateway/VPN deployment.

I submit that describing, oh, lets say fragmentation-before-encryption
versus fragmentation-after-encryption as "red side" or "black side",
is not helpful; not just because which colour is which just isnt' that
self-motivating to people without the appropriate (DoD?)  backgrounds;
but because, as a point of fact, "red" / "black" just aren't good
general terms to convey "before IPsec does its thing" or "after IPsec
does its thing", in the way they apparently are for you.

Instead, its likely to mislead and aid and abet readers who see "red"
/ "black" as synonyms for "trusted" / " untrusted", into making the
error of conflating IPsec with "security-gateway/VPN".

Last, if MCR is correct that one country's "red" / "black" is another
country's "black" / "red", then clearly we shouldn't use "red" / "black"
at all.