Re: Thought on data encryption on networks


Mike Muuss (mike@BRL.ARPA)
Fri, 4 Apr 86 15:26:57 EST


There are two levels of protection that you require:

*) Link-level protection, to keep people from disrupting your local cable(s).

*) End-to-End protection, to keep your conversation private even if
some (or all) of the cables that carry the conversation are not protected.

Link-level protection is a local issue -- if you can find a vendor who will
sell you, say, Ethernet cards with 10 Mbps DES encryption built in, you
could replace all the boards on your cable(s), and be protected.

End-to-end protection will only work if both ends are expecting it.
As there is presently no presentation level (ISO level 6) encryption
defined for the TCP protocol family, you won't be able to use this
very well. (Let me encourage you to consider how to optionally
negotiate in end-to-end encryption on top of a TCP connection, and
write up an RFC!) Also, note that this will probably have to be a
software implementation, so that it can be specified for, and added
to, all the existing TCP implementations. This may have a performance
impact.

There is also the issue of key management, which in a relatively static
system like the DARPA Internet (as opposed to a tactical network) is
fairly easy to implement (tedious, but possible).

Note that for the military community, the BLACKER system addresses the
end-to-end needs, as well as the key management issues. Link-level
encryption is still the responsiblity of the individual link managers.

        -Mike



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:36:05 GMT