[ih] The invention of what we now call NAT
Jack Haverty
jack at 3kitty.org
Tue Apr 22 14:25:11 PDT 2025
Hi Karl,
That TCP-over-TCP architecture from such projects was probably the
inspiration for the Internet-over-X.25 world that I just described in
another post. I remember occasionally running into DaveK at various
meetings.
TCP was probably unique in its design to take anything, even a different
"internet", or avian network or anything that could deliver bits from
point A to B despite the presence of marauding hawks, and use it as a
component piece of "The Internet".
There's some discussion of those projects in these 1983 documents:
https://apps.dtic.mil/sti/tr/pdf/ADA152524.pdf
https://apps.dtic.mil/sti/tr/pdf/ADA162888.pdf
These are publicly available now, so it seems it must be OK. They
describe how the US DoD was dealing with security and privacy concerns
in 1983 that were important in military situations. Contrary to some
posts I've seen, there was a lot of work and thinking about security.
I've often wondered about that part of the Internet History - especially
how things progressed from those 1983 plans for the Defense Data Network
to today's use of smartphones and Signal. But you probably can't say
much about it....
Jack
On 4/22/25 13:17, Karl Auerbach via Internet-history wrote:
> In the mid 1970's our group (Dave Kaufman, Frank Heinrich, etc, and
> myself, under the management of Gerry Cole and Clark Weissman) at SDC
> (System Development Corporation) worked on a then classified project.
> (We worked with various US based agencies and a bit with RSRE in the
> UK - where I had the privilege of getting to do some work with Donald
> Davies.)
>
> We didn't do NAT in the sense of doing address translation. Rather we
> created an entire overlay network with its own IP address space.
> (This was done in the very early days of TCP - before the formal
> development of IP, although we arrived at the same conclusion as
> others, that there ought to be some sort of formalized datagram layer
> underneath TCP - we used that notion of an underlying layer as a way
> to insert our security system. What was strange to today's eyes was
> that we used an underlying TCP based network as our datagram layer, so
> we effectively ended up with TCP over TCP.)
>
> Our architecture included what we would today call a "tunnel".
> (Actually, many encrypted tunnels, each with its own security level,
> plus a key management system.)
>
> We actually built it, it worked, and I heard that it was put into
> actual worldwide production. (My group did most of the security
> kernel design/implementation, David, and if I remember correctly,
> along with Carl Sunshine, did more of the protocol design, and Frank,
> David, and I collaborated on the key management and access control
> system. Security policy and software verification were done by Marv
> Schaeffer, Hillary O., Val Schorre, Tom Hinke, John Schied - I am sure
> I misspelled several of those names.)
>
> I've chatted with Dave Kaufman about this and we both are quite
> unclear whether, even today, fifty years later, we can say much about
> what we designed and implemented.
>
> (On a personal basis, my mind wonders how I managed to do all of this
> while at the same time attending law school.)
>
> --karl--