[ih] Separation of TCP and IP

Karl Auerbach karl at cavebear.com
Fri Jun 24 19:47:15 PDT 2022


On 6/23/22 12:15 AM, Noel Chiappa via Internet-history wrote:
> I'm interested in finding out more about the process by which TCP and IP were
> separated:

Sorry for jumping in so late (I have been in the Rockies for a couple of 
weeks.)

Back in 1974 our group at SDC was working for an unnamed three letter 
agency trying to coax end-to-end, per-session encryption into a very 
early TCP based network.

TCP had not gelled at that time, but it was clearly the path to the future.

We had already been doing a lot of datagram/packet encryption. We 
usually added a wrapper header to contain the needed information to 
maintain crypto key selection and synchronization despite packet loss, 
duplication, or resequencing.  We were not permitted to talk much about 
this stuff - the boundaries were not clear but parts were definitely 
protected by US military security classifications.  A lot of our effort 
involved things like how to build systems with "safe" control paths 
between "red" and "black" zones.  We did a lot with formal verification 
and, my specialty, capability based hardware and operating systems.

As part of our work we came to the conclusion that, given the 
capabilities of hardware of that era, we didn't really want to bulk 
encrypt an entire TCP data flow as one object. That could have required 
a lot of storage and it created problems for interactive sessions where 
the content wasn't fixed before the connection was set up.

So we decided that it would be easier to carve TCP into two parts - an 
upper part concerned with sequencing, flow control, and data integrity, 
and a lower part that pretty much just did datagrams. In between we 
would insert a security layer - somewhat resembling IPSEC (but that had 
to be independently invented later by others because we couldn't publish.)

I do have a photograph of a blackboard that was done at SDC by myself 
and Vint on the evening of Dec 31, 1974 - New Year's Eve: we had such 
dedication! ;-)

It's hard to read, especially the part in blue chalk, but we were 
envisioning that intermediate layer and using a kind of packet-to-packet 
crypto synchronization and integrity protection that could have been 
called "block chaining".  I wonder where I have heard that phrase 
recently?  (The phrase "IH" in the photo means "Initialization Header".)

Here's a link to that photo:

https://www.cavebear.com/images/karl/tcp-1974-5782x3946.jpg

(This was before public-key crypto, so we tended to use things like DES, 
although in the real implementations all of that was inside a very 
opaque box that we were not allowed to physically touch.)

We actually implemented this stuff and it was actually deployed and used 
for a couple of decades.

I suspect that our work, being done behind security walls and not 
publicly published, had little influence on the later formal split of 
IP from TCP.  But it does add to the notion that ideas often have many parents.

         --karl--
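The design sketched in the message above, a security layer inserted between a sequencing/flow-control upper part and a datagram lower part, with a wrapper header carrying key selection and per-packet synchronization so that loss, duplication and resequencing do not break decryption, can be illustrated in a few dozen lines. The following is an added example and is not the SDC implementation (whose details were classified and are not on the page); the key table, header layout, toy HMAC-based keystream and the sample datagrams are all constructed here for illustration. It contrasts a self-describing per-datagram wrapper with a flow-chained keystream that desynchronizes after a single lost packet.

```python
"""Added illustration (not the SDC design): a per-datagram security layer.

Each datagram carries a header (key id, sequence number used as the IV), an
integrity tag, and ciphertext, so the receiver can verify and decrypt any
datagram in isolation.  The contrast case chains one keystream across the
whole flow and falls apart as soon as a packet is dropped or reordered.
The cipher is a toy keystream built from HMAC-SHA256 (a stand-in for DES);
it is for demonstration only.
"""
import hashlib
import hmac
import struct

# Constructed sample key table (hypothetical): key id -> key.
KEYS = {1: bytes(range(32))}

HDR = struct.Struct(">HQ")   # key id (16 bit), per-packet IV / sequence (64 bit)
TAG_LEN = 16


def keystream(key, iv, nbytes):
    """Toy stream cipher: concatenated HMAC-SHA256(key, iv || counter) blocks."""
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hmac.new(key, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:nbytes]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def protect(key_id, seq, plaintext):
    """Wrap one datagram as header || tag || ciphertext.
    The header doubles as the per-packet IV, so every datagram is self-describing."""
    key = KEYS[key_id]
    hdr = HDR.pack(key_id, seq)
    body = xor(plaintext, keystream(key, hdr, len(plaintext)))
    tag = hmac.new(key, hdr + body, hashlib.sha256).digest()[:TAG_LEN]
    return hdr + tag + body


def unprotect(datagram):
    """Verify and decrypt a single datagram with no state from earlier packets.
    Returns (seq, plaintext), or None on unknown key id or tag mismatch."""
    if len(datagram) < HDR.size + TAG_LEN:
        return None
    hdr = datagram[:HDR.size]
    tag = datagram[HDR.size:HDR.size + TAG_LEN]
    body = datagram[HDR.size + TAG_LEN:]
    key_id, seq = HDR.unpack(hdr)
    key = KEYS.get(key_id)
    if key is None:
        return None
    expected = hmac.new(key, hdr + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return seq, xor(body, keystream(key, hdr, len(body)))


class ChainedEndpoint:
    """Contrast case: one keystream for the whole flow, with the position
    carried implicitly from packet to packet and no per-packet sync header."""

    def __init__(self, key):
        self.key, self.pos = key, 0

    def process(self, data):
        ks = keystream(self.key, b"flow", self.pos + len(data))[self.pos:]
        self.pos += len(data)
        return xor(data, ks)


def demo():
    """Send five datagrams through a network that drops #2, reorders #4 before
    #3 and duplicates #3.  Returns (per-packet recoveries keyed by seq,
    chained-receiver output in arrival order)."""
    msgs = [b"msg%d" % i for i in range(5)]
    key = KEYS[1]
    wrapped = [protect(1, i, m) for i, m in enumerate(msgs)]
    sender, receiver = ChainedEndpoint(key), ChainedEndpoint(key)
    chained = [sender.process(m) for m in msgs]
    delivery = [0, 1, 4, 3, 3]          # constructed arrival order
    per_packet = {}
    for i in delivery:
        res = unprotect(wrapped[i])
        if res is not None:
            per_packet[res[0]] = res[1]  # duplicates are harmless overwrites
    chained_out = [receiver.process(chained[i]) for i in delivery]
    return per_packet, chained_out


if __name__ == "__main__":
    recovered, chained = demo()
    print("per-packet layer recovered:", sorted(recovered))
    print("chained layer output:", chained)
```

With the per-packet wrapper the upper layer simply resequences whatever arrives (here seqs 0, 1, 3 and 4) and retransmits the gap, while the chained receiver decrypts only the first two packets correctly and produces garbage from the first out-of-order delivery onward. The integrity tag over header and ciphertext is what keeps a modified or mis-keyed datagram from being accepted.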
