
Re: Meta-comment: use of "red" / "black" terminology...




>At the WG session today, Steve Kent clarified that the "red interface"
>on a host stack implementation could be a purely internal functional
>interface rather than an IP Interface (virtual or physical).

Hm. I suppose one could invent terminology like that, but it's a
pretty radical departure from the DoD terminology, since (outside the
VPN/security-gateway model), one can trivially produce graphs where
nodes cannot be consistently labelled either "red" or "black".

Even disregarding that, it's still a bit of a non-sequitur to the
point about

   "... only address the use of IPsec in tunnel mode and assume
        the VPN/securitygateway model".

which struck me as a legitimate concern, orthogonal to whatever
terminology one adopts for the VPN/security-gateway model.

(For what it's worth, I'd like to see use of "red" and "black" or any
other similar terms prohibited, lest they seduce anyone into thinking
*solely* in terms of IPsec tunnel mode and VPNs/security-gateways).