
Re: Meta-comment: use of "red" / "black" terminology...





IPsec provides a barrier through which traffic passes. There is an 
asymmetry to this barrier, which is reflected in the processing 
model. Outbound data, if not discarded or bypassed, is protected via 
the application of AH or ESP and the addition of the corresponding 
headers.  Inbound data, if not discarded or bypassed, is processed 
via the removal of AH or ESP headers, after processing. We need to 
refer to inbound and outbound directions in discussing processing, 
and these directions have to be expressed relative to the sides of 
the IPsec barrier. Interfaces for an IPsec implementation, including 
the internal interface that a native, IPsec host implementation 
presents to applications, must be characterized relative to the side 
of the barrier on which they exist.

We could use "protected" for "red" and "unprotected" for "black" if 
that makes it easier for folks to remember.

Steve