[ih] The invention of what we now call NAT

[Jack Haverty]

Hi Karl,

That TCP-over-TCP architecture from such projects was probably the 
inspiration for the Internet-over-X.25World that I just described in 
another post.   I remember occasionally running into DaveK at various 
meetings.

TCP was probably unique in its design to take anything, even a different 
"internet", or avian network or anything that could deliver bits from 
point A to B despite the presence of marauding hawks, and use it as a 
component piece of "The Internet".

There's some discussion of those projects in these 1983 documents:

https://apps.dtic.mil/sti/tr/pdf/ADA152524.pdf
https://apps.dtic.mil/sti/tr/pdf/ADA162888.pdf

These are publicly available now, so it seems it must be OK.   They 
describe how the US DoD was dealing with security and privacy concerns 
in 1983 that were important in military situations. Contrary to some 
posts I've seen, there was a lot of work and thinking about security.

I've often wondered about that part of the Internet History - especially 
how things progressed from those 1983 plans for the Defense Data Network 
to today's use of smartphones and Signal.  But you probably can't say 
much about it....

Jack

On 4/22/25 13:17, Karl Auerbach via Internet-history wrote:
> In the mid 1970's our group (Dave Kaufman, Frank Heinrich, etc, and 
> myself, under the management of Gerry Cole and Clark Weissman) at SDC 
> (System Development Corporation) worked on a then classified project. 
> (We worked with various US based agencies and a bit with RSRE in the 
> UK - where I had the privilege of getting to do some work with Donald 
> Davies.)
>
> We didn't do NAT in the sense of doing address translation. Rather we 
> created an entire overlay network with its own IP address space.  
> (This was done in the very early days of TCP - before the formal 
> development of IP, although we arrived at the same conclusion as 
> others, that there ought to be some sort of formalized datagram layer 
> underneath TCP - we used that notion of an underlying layer as a way 
> to insert our security system.  What was strange to today's eyes was 
> that we used an underlying TCP based network as our datagram layer, so 
> we effectively ended up with TCP over TCP.)
>
> Our architecture included what we would today call a "tunnel". 
> (Actually, many encrypted tunnels, each with its own security level, 
> plus a key management system.)
>
> We actually built it, it worked, and I heard that it was put into 
> actual worldwide production.  (My group did most of the security 
> kernel design/implementation, David, and if I remember correctly, 
> along with Carl Sunshine, did more of the protocol design, and Frank, 
> David, and I collaborated on the key management and access control 
> system.  Security policy and software verification was done by Marv 
> Schaeffer, Hillary O., Val Schorre, Tom Hinke, John Schied - I am sure 
> I misspelled several of those names.)
>
> I've chatted with Dave Kaufman about this and we both are quite 
> unclear whether, even today, fifty years later, we can say much about 
> what we designed and implemented.
>
> (On a personal basis, my mind wonders how I managed to do all of this 
> while at the same time attending law school.)
>
>     --karl--
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://elists.isoc.org/pipermail/internet-history/attachments/20250422/08d9ebb1/attachment-0001.asc>