[ih] Fwd: Question - reference source for formal decommissioning of ARPANET in 1990?
Karl Auerbach
karl at cavebear.com
Sun Dec 6 14:13:51 PST 2020
Unfortunately we've never been given clarification about how much we can
say, even though the work is more than 40 years old. (Those three letter
agencies in Maryland tend to like to err (and oh, how much) on the side
of over-protection, even after decades and decades have passed.)
This much I can say: we had operational multi-level secure flows via TCP
a few years before the NCP-TCP cut over.
Yes this was before things regarding TCP and IP had been fully
developed, and there weren't a lot of implementations out there.
(Although I do remember with a bit of amusement a Univ of Illinois
approach to TCP on Unix that swapped between a "small daemon" and "large
daemon" on a memory starved PDP-11.)
If I remember correctly each TCP stream was protected by its own
distinct key. But the protection was applied to packet contents, not
to the contents of the TCP stream. Our prototype work used the then
relatively new DES. Since we were applying it to network packets
underneath TCP we had to deal with packet loss, duplication, and
re-ordering. So we came up with various ways of using DES (such as
various kinds of feedback chaining) and questions that seemed to really
irk the gov't folks - who were decidedly, but understandably,
non-responsive about the mathematics.
(You would not be going awry if words like "IPSEC", "VLAN", "TOR" pop
into your heads.)
Later on there was the normal panoply of tempest boxes (not made by BBN)
with lots and lots of wire mesh foam at every possible RF leakage point.
I helped on the overall design; Dave Kaufman did much of the heavy
lifting on that. I designed the security kernel (that was subject to
early formal verification) and led the implementation group. (We
started with UCLA Data Secure Unix. Its performance was so slow that
you could type "date" on the console, go to lunch, and it would just be
finishing printing the result when you got back. I think the only code
we retained was a tiny bit of recursive assembly code that expanded
terminal output [including tab expansion, hence the recursion].)
(There was a bit of an amusing story of how we did the actual transfer
of the Data Secure Unix source code from UCLA to SDC - we ended up
getting copies of the entire disk drives at UCLA. So we also got all of
Jerry Popek and Lennie Kleinrock's work (including drafts) and lots of
other stuff that we carefully avoided looking at.)
I heard that our system of secure TCP was in actual day-to-day use by
the US State Department for a rather long time.
I was part of a team that designed and built this stuff at SDC in the
mid-to-late 1970's. Other team members were Val Schore, John Scheid,
Jan Garwick (he was present only at the beginning), Marv Schaeffer,
Gerry Cole, David Kaufman, Frank Heinrich, Dave Golber, Hillary (can't
remember her last name, but she went on with Marv to develop the Orange
book of computer security), Jerry Simon, Carl Switzky (sp), Josie
Althaus. Carl Sunshine, Whit Diffie (before public-key), and Vint were
also involved. We also got some help from folks (who later formed
Interactive Systems) down the street at RAND.
I can't remember whether it was this project or another, but we had
significant linkage to RSRE in Malvern in the UK. (Such a pretty train
station - and we played croquet most days after lunch.)
We were designing a capability based computer - we were strongly
influenced by the Plessey designs - to support secure network systems.
That work also involved John Rushby and Peter Neumann at SRI. (It only
took 30 years, but eventually I convinced Peter N. that the only way to
build a practical capability system was with short-term capabilities
that could be garbage collected rather than permanent capabilities.) It
was on this project where I got to do a bit of work with Donald Davies.
Dave Kaufman and I pounded our heads trying to figure out how to extend
capability architectures onto the network. Because we were influenced
by Farber's DCS we did not want to draw a strong distinction between an
individual computer with pieces tied together via an internal bus and a
distributed computer where the "buss" was formed out of network links.
(It's too bad public key had not been invented yet.)
===
We did a lot of really good stuff back then - In a sense we invented the
encrypted VLAN and various aspects of key distribution and management,
including what are now called "trusted platform modules". We also made
a lot of progress on encapsulated systems, security kernels, formalized
security models, and verification. But it was all locked up behind
national security classification walls.
It has been rather frustrating for me to watch, over the intervening
decades, how our work was slowly re-invented. I've often wondered
whether we might have been better served and the security of our
present more advanced had our work been visible to the public.
===
(Regarding that large/small daemon code - I remember once visiting a
Defense Communications A*** facility in Reston. I needed to put some
fresh software onto one of the PDP-11s running that Univ of Illinois
code. But the operators in Champaign Urbana were not forthcoming about
giving me the needed privileges - so [with permission of the DCA people]
I said - "Hey guys, you are 700 miles away. I'm standing next to the
machine and have my hands on its console and switches. I win." So I
rebooted it into single user mode, did my work, rebooted back to normal
operation, and said "TTFN" on my way out.)
--karl--
On 12/6/20 7:52 AM, Dan Lynch via Internet-history wrote:
> Andy, I knew there were exceptional cases and that BBN was the watchdog. I had heard a rumor that many military sites were running classified applications on NCP and would probably never be able to use TCP.
>
> Dan
>
> Cell 650-776-7313
>
>> On Dec 5, 2020, at 8:50 AM, Andrew G. Malis <agmalis at gmail.com> wrote:
>>
>>
>> Dan,
>>
>> I managed the NCP->TCP transition on the ARPANET that started on 1/1/83. I wrote the IMP code that enforced the transition by adding a filter to drop NCP packets, which was managed on a host-by-host basis. We had an official list from DARPA of hosts that were approved to continue using NCP. I spent New Year's Day in the NOC, turning off NCP for unapproved hosts, and I fielded calls from unhappy site managers as their NCP traffic stopped flowing (as they had been warned many times). I told them the process of how to contact DARPA to at least temporarily get on the approved list, and I turned the filters off and back on as directed by DARPA. Sadly, I don't recall when we finished the process of turning on the NCP filter for all hosts.
>>
>> Cheers,
>> Andy
>>
>>
>>> On Fri, Dec 4, 2020 at 7:31 PM Dan Lynch via Internet-history <internet-history at elists.isoc.org> wrote:
>>> I only use real data😂🙀
>>>
>>> Dan
>>>
>>> Cell 650-776-7313
>>>
>>>> On Dec 4, 2020, at 4:26 PM, Dave Crocker <dhc at dcrocker.net> wrote:
>>>>
>>>> On 12/4/2020 4:22 PM, Dan Lynch via Internet-history wrote:
>>>>> It amazes me to hear there were sites still running NCP in the late 80s in Texas.
>>>> A reference like that, about Texas, affords such a target-rich opportunity, I'm overwhelmed.
>>>>
>>>> d/
>>>>
>>>> --
>>>> Dave Crocker
>>>> Brandenburg InternetWorking
>>>> bbiw.net