[ih] The invention of what we now call NAT

Karl Auerbach karl at iwl.com
Tue Apr 22 13:17:09 PDT 2025


In the mid 1970's our group (Dave Kaufman, Frank Heinrich, etc., and 
myself, under the management of Gerry Cole and Clark Weissman) at SDC 
(System Development Corporation) worked on a then classified project. 
(We worked with various US based agencies and a bit with RSRE in the UK 
- where I had the privilege of getting to do some work with Donald Davies.)

We didn't do NAT in the sense of doing address translation.  Rather we 
created an entire overlay network with its own IP address space.  (This 
was done in the very early days of TCP - before the formal development 
of IP, although we arrived at the same conclusion as others, that there 
ought to be some sort of formalized datagram layer underneath TCP - we 
used that notion of an underlying layer as a way to insert our security 
system.  What was strange to today's eyes was that we used an underlying 
TCP based network as our datagram layer, so we effectively ended up with 
TCP over TCP.)

Our architecture included what we would today call a "tunnel". 
(Actually, many encrypted tunnels, each with its own security level, 
plus a key management system.)

We actually built it, it worked, and I heard that it was put into actual 
worldwide production.  (My group did most of the security kernel 
design/implementation, David, and if I remember correctly, along with 
Carl Sunshine, did more of the protocol design, and Frank, David, and I 
collaborated on the key management and access control system.  Security 
policy and software verification was done by Marv Schaeffer, Hillary O., 
Val Schorre, Tom Hinke, John Schied - I am sure I misspelled several of 
those names.)

I've chatted with Dave Kaufman about this and we both are quite unclear 
whether, even today, fifty years later, we can say much about what we 
designed and implemented.

(On a personal basis, my mind wonders how I managed to do all of this 
while at the same time attending law school.)

	--karl--



