Reapprove:berea Re: NSF and the Birth of the Internet
From: David Farber <dave () farber net>
Date: Wed, 20 Aug 2008 19:09:58 -0400
Begin forwarded message:
From: Jim Thompson <jim () netgate com>
Date: August 20, 2008 5:09:54 AM EDT
To: Vint Cerf <vint () google com>
Cc: Karl Auerbach <karl () cavebear com>, Dave Farber <dave () farber net>, skent () bbn com, gnu () toad com
Subject: Re: [IP] Re: NSF and the Birth of the Internet
This may be relevant: http://www.toad.com/gnu/netcrypt.html
Paul Lambert, palamber () us oracle com
Approaches for network layer encryption have been openly published
before the work in the IETF.
The research and development of "Network Security" started in the late
70's at BBN with the development of the "IPLI". Classified research
and development continued in this area on the Blacker (Unisys) and
Caneware (Motorola) programs in the early 80's. The NSA sponsored
Secure Data Network System (SDNS) project brought together a variety
of vendors that created the early SP3, KMP and MSP specifications. SP3
provided network layer security services that included a tunneling
mode. SP3 is very similar to the IPsec working group ESP
specification. The Key Management Protocol (KMP) is similar to the
ISAKMP specification in concept, but used ASN.1 for specifying the
protocol formats. Much of the SDNS work was openly published starting
in about 1988. The Motorola Network Encryption System (NES) is an SDNS
device and was designed in the mid to late 80's.
The SDNS specification for SP3 was submitted to the ANSI and ISO
standards committees and mutated into the Network Layer Security
Protocol (NLSP). NLSP included a network layer key establishment
protocol that served as a starting point for some of the current IPsec
key management proposals.
An important early paper on network security was written by Dave
Golber (Unisys at the time) on the "Dual versus Single Catenet
Security Model" (about 1983). There are a variety of SP3 security
papers written in 1988 and 1989.
So, there is a lot of prior art for network encryption. Most of the
major wrinkles in the technology were worked out in the late 80's by
projects sponsored by the NSA and openly published to help create
"good" security standards.
Howard Weiss, hsw () columbia sparta com
Actually, the PLI (Private Line Interface) was developed by BBN in the
early '70s. The IPLI was to be its "modern" successor. It consisted of
a classified-side (red) processor, a KG-30 encryption box, and an
unclassified-side (black) processor. It was evaluated and certified by
NSA around late-1975 or early-1976. Its function was to allow
classified traffic to flow, encrypted, over the ARPAnet. This meant,
at the time, that ARPAnet NCP headers remained in the clear while the
data payload was encrypted. COINS (Consolidated On-line Intelligence
Network) used the PLI to connect a distant node via the ARPAnet in
order to save the line charges for the then very expensive 50KB lines.
Steve Kent, kent () bbn com
As one who participated somewhat more directly in the history of this,
let me refine some of Paul's comments. The first packet encryptor was
the PLI (not IPLI) developed in the early 70s by BBN under DARPA
funding. It was approved by NSA for limited deployment on the ARPANET,
to protect classified data being sent by DoD folks, starting in 1975
(a somewhat more sophisticated version was approved for use in 1976).
Due to the restrictions imposed by use of government COMSEC equipment
(KG-34), this was a manually keyed system.
In the 1975-1980 timeframe, BBN and the Collins Radio division of
Rockwell developed and did limited deployment of the BCR, also under
DARPA funding, as an experimental network encryption device. The BCR
worked in the TCP/IP protocol environment, used the first NBS-certified
DES chips, and had automated, KDC-based key management and
access control (the same model later adopted by Kerberos and Blacker).
The BCR underwent substantial performance testing in 1980-81, before
being retired. Later, DES-based network security devices were designed
and some were built as prototypes for DARPA in the early 80s,
experimenting with higher speed network connections (Ethernet) and
newer versions of protocols (IPv4 vs. IPv3).
The first Blacker program also began in the late 70's, funded by NSA
with work done by SDC (software) and Burroughs (hardware). It too made
use of centralized key management and access control. The follow-on
program, designed to produce a product (vs. a proof-of-concept demo)
was awarded to Unisys (merged SDC and Burroughs) in the early 80s, but
it did not produce fielded devices until the late 80s. The fielded
Blacker was revolutionary in its use of a single processor design with
the (custom) crypto as a peripheral on the internal bus. It was
designed to be a very high assurance (A1) system.
If Blacker began in the late 70s (as Steve states), funded by NSA,
with work being done by SDC and Burroughs, then a blackboard written on
Dec 31, 1975, marked "save until January 10, 1975" is unlikely to be
about Blacker, or BCR.
The earlier quote from Karl was:
Take a look at the following URL for a photo of a blackboard when
Vint and I worked late into the evening of Dec 31, 1974 on the
insertion of an encrypting security layer between IP and TCP - http://www.cavebear.com/archive/cavebear/photos/tcpip.gif
(I really do need to do a better re-scan of that 35mm slide.)
The slide/photo also appears to have "G. Cole" two names below Karl's.
On Aug 19, 2008, at 7:50 PM, Vint Cerf wrote:
it is possible that the BCR work (predecessor to Blacker) used an
initial TCP format that did not split out IP.
I don't think the term "IP" emerged until 1977.
Steve Kent may recall the specifics of the initial BCR format, I
have copied him on this note. If it is the case that the system ran
on TCP-only initially, then we might surmise that your slides
somehow referenced only TCP. Did you say earlier that the slide said
TCP/IP specifically? That would sound like an anachronism.
On Aug 19, 2008, at 9:06 PM, Karl Auerbach wrote:
Vint Cerf wrote:
Karl et al,
Dec 31 1974 would have literally been the date of the first TCP spec,
RFC 675. I don't think I began working on the BCR stuff with NSA
until 1975 and Blacker came later.
Is it possible you are off a couple of years, Karl? We didn't
split IP off until 1977 with version 3 and then version 4 of TCP/IP.
I just went and looked at the 35mm slide and it has "Jan 1975"
embossed into the frame. And I do remember from the strangeness of
the context that it was New Years eve. Also, the photo has "Save
until Jan 10, 1975" on it in the upper right corner in my scratchy
script which hasn't improved in the intervening 33+ years.
David Kaufman and I started work on the idea of network security
with an encryption layer well before the start of the Blacker
project. I know that we were well into encrypted layers and key
management protocols by the mid '70's. (One of the issues that I
remember was our concern with the growth of the size of datagrams
when using self-synchronizing cryptography that required a
synchronization preamble. We were into block-chaining. I think
that that picture may suggest some of these concerns.)
I can't remember all the details of what went on top of what - I
know that we at one time were thinking of TCP (red/unsecured) on
top of an encryption layer on top of another TCP (black/unsecured)
and that that middle layer evolved to be a datagram layer.
It isn't surprising that the idea of splitting out a datagram layer
may have gotten stuck inside SDC - we were operating in a
classified environment and the folks in the "Defense Department"
kinda frowned on us talking to anybody but them. (I really got
clobbered when I wrote about some of this stuff in 1980 in a letter
to CACM - even though I had open sources for everything.)
We had the core of the blacker system running, or at least
stumbling, by around 1977 or '78 [a year that forms a fairly bright
bookmark because that's when I finished law school and took the bar
exam - and cut my Moses-like beard] - After blacker I went on at
SDC to a couple of years of capability based architectures and
things like Peter Neumann's "Provably Secure OS" (which Frank
Heinrich and I redesigned into something that could really run on a
real hardware platform that we also designed). I left for
Interactive Systems in 1980 or '81.