Home page logo

interesting-people logo Interesting People mailing list archives

Reapprove:berea Re: NSF and the Birth of the Internet
From: David Farber <dave () farber net>
Date: Wed, 20 Aug 2008 19:09:58 -0400

Begin forwarded message:

From: Jim Thompson <jim () netgate com>
Date: August 20, 2008 5:09:54 AM EDT
To: Vint Cerf <vint () google com>
Cc: Karl Auerbach <karl () cavebear com>, Dave Farber <dave () farber net>, skent () bbn com , gnu () toad com
Subject: Re: [IP] Re:    NSF and the Birth of the Internet

This may be relevant:  http://www.toad.com/gnu/netcrypt.html


Paul Lambert, palamber () us oracle com

Approching for network layer encryption have been openly published before the work in the IETF. The research and development of "Network Security" started in the late 70's at BBN with the development of the "IPLI". Classified research and development continued in this area on the Blacker (Unisys) and Caneware (Motorola) programs in the early 80's. The NSA sponsored Secure Data Network System (SDNS) project brought together a variety of vendors that created the early SP3, KMP and MSP specifications. SP3 provided network layer security services that included a tunneling mode. SP3 is very similar to the IPsec working group ESP specification. The Key Management Protocol (KMP) is similar to the ISAKMP specification in concept, but used ASN.1 for specifying the protocol formats. Much of the SDNS work was openly published starting in about 1988. The Motorola Network Encryption System (NES) is an SDNS device and was designed in the mid to late 80's.

The SDNS specification for SP3 was submitted to the ANSI and ISO standards committees and mutated into the Network Layer Security Protocol (NLSP). NLSP included a network layer key establishment protocol that served as a starting point for some of the current IPsec key management proposals.

An important early paper on network security was written by Dave Golber (Unisys at the time) on the "Dual versus Single Catenet Security Model" (about 1983). There are a variety of SP3 security papers written in 1988 and 1989.

So, there is a lot of prior art for network encryption. Most of the major wrinkles in the technology were worked out in the late 80's by projects sponsored by the NSA and openly published to help create "good" security standards.

Howard Weiss, hsw () columbia sparta com

Actually, the PLI (Private Line Interface) was developed by BBN in the early '70s. The IPLI was to be its "modern" successor. It consisted of a classified-side (red) processor, a KG-30 encryption box, and an unclassified-side (black) processor. It was evaluated and certified by NSA around late-1975 or early-1976. Its function was to allow classified traffic to flow, encrypted, over the ARPAnet. This meant, at the time, that ARPAnet NCP headers remained in the clear while the data payload was encrypted. COINS (Consolidated On-line Intelligence Network) used the PLI to connect a distant node via the ARPAnet in order to save the line charges for the then, very expensive 50KB lines.

Steve Kent, kent () bbn com

As one who participated somewhat more directly in the history of this, let me refine some of Paul's comments. The first packet encryptor was the PLI (not IPLI) developed in the early 70s by BBN under DARPA funding. It was approved by NSA for limited deployment on the ARPANET, to protect classified data being sent by DoD folks, starting in 1975 (a somewhat more sophisticated version was approved for use in 1976). Due to the restrictions imposed by use of government COMSEC equipment (KG-34), this was a manually keyed system. In the 1975-1980 timeframe, BBN and the Collins Radio division or Rockwell developed and did limited deployment of the BCR, also under DARPA funding, as an experimental network encryption device. The BCR worked in the TCP/IP protocol environment, used the first NBS- certified DES chips, and had automated, KDC-based key management and access control (the same model later adopted by Kerberos and Blacker). The BCR underwent substabtial performance testing in 1980-81, before being retired. Later, DES-based network security devices were design and some were built as prototypes for DARPA in the early 80s, experimentin with higher speed network connections (Ethernet) and newer versions of protocols (IPv4 vs. IPv3).

The first Blacker program also began in the late 70's, funded by NSA with work done by SDC (software) and Burroughs (hardware). It too made use of centralized key management and access control. The followon program, designed to produce a product (vs. a proof-of-concept demo) was awarded to Unisys (merged SDC and Burroughs) in the early 80s, but it did not produce fielded devices until the late 80s. The fielded Blacker was revolutionary in its use of a single processor design with the (custom) crypto as a peripheral on the internal bus. It was designed to be a very high assurance (A1) system.


If Blacker began in the late 70s, (as Steve states), funded by NSA, and work being done by SDC and Burroughs, then a blackboard written on Dec 31, 1975, marked "save until January 10, 1975" is unlikely to be about Blacker, or BCR.

The earlier quote from Karl was:


Take a look at the following URL for a photo of a a blackboard when Vint and I worked late into the evening of Dec 31, 1974 on the insertion of an encrypting security layer between IP and TCP - http://www.cavebear.com/archive/cavebear/photos/tcpip.gif (I really do need to do a better re-scan that 35mm slide.)


The slide/photo also appears to have "G. Cole" two names below Karl's.


On Aug 19, 2008, at 7:50 PM, Vint Cerf wrote:


it is possible that the BCR work (predecessor to Blacker) used an initial TCP format that did not split out IP.

I don't think the term "IP" emerged until 1977.

Steve Kent may recall the specifics of the initial BCR format, I have copied him on this note. If it is the case that the system ran on TCP-only initially, then we might surmise that your slides somehow referenced only TCP. Did you say earlier that the slide said TCP/IP specifically? that would sound like an anachronism.


On Aug 19, 2008, at 9:06 PM, Karl Auerbach wrote:

Vint Cerf wrote:
Karl et al,
Dec 31 1974 would have literally the date of the first TCP spec, RFC 675. I don't think I began working on the BCR stuff with NSA until 1975 and Blacker came later. Is it possible you are off a couple of years, Karl? we didn't split IP off until 1977 with version 3 and then version 4 of TCP/IP.

I just went and looked at the 35mm slide and it has "Jan 1975" embossed into the frame. And I do remember from the strangeness of the context that it was New Years eve. Also, the photo has "Save until Jan 10, 1975" on it in the upper right corner in my scratchy script which hasn't improved in the intervening 33+ years.

David Kaufman and I started work on the idea of network security with an encryption layer well before the start of the Blacker project. I know that we were well into encrypted layers and key management protocols by the mid '70's. (One of the issues that I remember was our concern with the growth of the size of datagrams when using self-synchronizing cryptography that required a synchronization preamble. We were into block-chaining. I think that that picture may suggest some of these concerns.)

I can't remember all the details of what went on top of what - I know that we at one time were thinking of TCP (red/unsecured) on top of an encryption layer on top of another TCP (black/unsecured) and that that middle layer evolved to be a datagram layer.

It isn't surprising that the idea of splitting out a datagram layer may have gotten stuck inside SDC - we were operating in a classified environment and the folks in the "Defense Department" kinda frowned on us talking to anybody but them. (I really got clobbered when I wrote about some of this stuff in 1980 in a letter to CACM - even though I had open sources for everything.)

We had the core of the blacker system running, or at least stumbling, by around 1977 or '78 [a year that forms a fairly bright bookmark because that's when I finished law school and took the bar exam - and cut my Moses-like beard] - After blacker I went on at SDC to a couple of years of capability based architectures and things like Peter Neuman's "Provably Secure OS" (which Frank Heinrich and I redesigned into something that could really run on a real hardware platform that we also designed. I left for Interactive Systems in 1980 or '81.)


Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
  • Reapprove:berea Re: NSF and the Birth of the Internet David Farber (Aug 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]