[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Meta-comment: use of "red" / "black" terminology...

   Stephen> We could use "protected" for "red" and "unprotected" for
   Stephen> "black" if that makes it easier for folks to remember.

  Yes, I would like that a lot.

  For one not steeped in DoD jargon, "red" and "black" have no intuitive
  meaning.  I usually get the two sides mixed up, because my mind
  interprets "red" as "sensitive" so I think that the red side is the
  unprotected side (where the classified stuff is exposed) rather than
  the protected side.

My reaction on reading Steve's message was that protected/unprotected
was also confusing.  I read Steve's comment equating protected and red
as the network port which had some sort of physical
security/connection control, and thus was not using IPsec, and the
'unprotected' port as the one which traversed e.g. the public Internet
and thus on which data needed IPsec protection.  On reading Paul's
message, I'm sure they are confusing; I am pretty sure he interpreted
them differently from how Steve meant them.

That said, PT and CT are useful terms that are more descriptive.  But
the nesting terminology concern that Sean points out can not be
addressed fully with any choice of terminology; the fundamental
difficulty is that one system's CT data is another's PT data (e.g. two
hosts using transport mode across a VPN).

        Greg Troxel <gdt@xxxxxxxxxx>