Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP Path: utzoo!watmath!clyde!burl!hou3c!WWB.TYM@OFFICE-2.ARPA From: WWB.TYM@OFFICE-2.ARPA (Bill Barns) Newsgroups: net.mail.headers Subject: Re: SMTP and authentication Message-ID: <399@hou3c.UUCP> Date: Wed, 7-Mar-84 13:30:00 EST Article-I.D.: hou3c.399 Posted: Wed Mar 7 13:30:00 1984 Date-Received: Fri, 9-Mar-84 01:20:45 EST Sender: ka@hou3c.UUCP (Kenneth Almquist) Lines: 33 To: RICH.GVT@OFFICE-2 Cc: Header-People@MIT-MC Yes, to expand a bit on your discussion: the authentication and security of AUTODIN I are derived from three things: physical security of the terminals and switches, encryption of data, and administrative procedures. If you could connect your terminal or PC into AUTODIN and type away, authentication would be out the window. One of the effects of the AUTODIN admin procedures is that it is generally impossible to get something transmitted without it going through the hands of someone other than the originator. There are exceptions to this, as well as the possibility of admin breakdowns. Message centers are supposed to maintain files of signatures of authorized releasers and all the message forms are supposed to be signed. As to the exceptions, there are a bunch of rules not worth repeating, but basically they are logged in a special way. The idea of using Internet for AUTODIN GENSER type traffic relies heavily on encryption. I haven't heard what the drafter/releaser procedures will be; I suspect no "official" decision has been made. Once you get the data "canned" with the right NSA techniques, there is no problem sending it down any pipe you want - Milnet, Arpanet, direct broadcast satellite, suit yourself. The interesting questions have to do with how you get your can of data sealed. I don't see it working with the style of mail-sending we use now; probably military installations will eventually be set up to let people "draft" items by a procedure similar to Internet "sending", but before being "released" they will have to go through some procedure similar to what is done to declassify a magtape, which basically means somebody else in a secure place will have to poke at it. There is a bunch of work in progress on retinal scanners and other gee whiz stuff, but I don't think you should plan on finding one on your desk any time soon. Back in '77 I was hearing that by 1984 the Pentagon would be full of Secure Office Terminals. It isn't (but yes, there has been some progress). Someday, probably, but not before all the Spectra-70's keel over. I think there will have to be one or more interim solutions. -b