Re: Meta-comment: use of "red" / "black" terminology...



I prefer the PT/CT terminology and I believe there are ambiguity issues with using either 'Red'/'Black' or 'unprotected'/'protected.'

Even within the DoD community, I find the use of terms 'Red' and 'Black' confusing, or even inaccurate, for many network configurations. For example, if a user wishes to use a gateway to tunnel 'unsensitive' information through a 'sensitive' network, the encapsulated ciphertext appears at the 'Red' interface of the gateway, not the 'Black' interface. Another example where these terms are confusing is when a user nests multiple gateways. This leads to situations where the 'Red' interface of a gateway may exchange packets with the 'Black' interface of a gateway in an interior layer. (I believe the terms 'protected' and 'unprotected' suffer from the same ambiguity.)

This second example raises another interesting notation issue. If there is only a single PT/CT boundary in a system then it makes sense to refer to the 'PT network' and the 'CT network.' However, with gateway nesting, we may have multiple PT/CT boundaries in a system. What naming system should we use to describe the various networks in such a configuration?

-Sean O'Keeffe

On Nov 11, 2003, at 11:28 AM, David Waitzman wrote:

My input would be CT == Cipher Text for the side where the data is enciphered and PT == Plain Text where the data is plain.
Similar to Protected but more history behind it.

-david waitzman