Re: Network Layer Encryption History and Prior Art

As part of his comprehensively informative history message, Steve
wrote, excerpting:

>        The SDNS program (1986-91) developed protocols for layers 3 & 4 and
>for e-mail security and realtime key management.  It included the notion
>that selective encryption could be employed (e.g., on an address-pair
>basis).  I would check the SP3 specs sent to NIST in the late 80s for
>reference to this particular facility, since that seems to be the critical

The proceedings of the 10th National Computer Security Conference
(September 1987) included a set of papers about the SDNS program.  I
wrote one of them, "SDNS Products in the Type II Environment" (the
phrase "Type II" referring in this parlance to anticipated usage for
protection of commercial and Government unclassified sensitive
information).  On page 163 of the proceedings, this paper stated,
"... As a specific example, it will be common for SDNS-secured Type II
hosts to communicate not only with other SDNS-secured hosts, but also
with unsecured hosts.  This implies that Type II SDNS components must
accommodate selective application of encryption, either on an
address-driven basis or on request from an associated host."  Although
this paper's level was discussion of issues and requirements, not
detailed design or implementation, I believe this validates the
concept's visibility in at least one piece of published literature as
of 1987.