Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site hou3c.UUCP
Path: utzoo!watmath!clyde!burl!hou3c!WWB.TYM@OFFICE-2.ARPA
From: WWB.TYM@OFFICE-2.ARPA (Bill Barns)
Newsgroups: net.mail.headers
Subject: Re: SMTP and authentication
Message-ID: <399@hou3c.UUCP>
Date: Wed, 7-Mar-84 13:30:00 EST
Article-I.D.: hou3c.399
Posted: Wed Mar  7 13:30:00 1984
Date-Received: Fri, 9-Mar-84 01:20:45 EST
Sender: ka@hou3c.UUCP (Kenneth Almquist)
Lines: 33
To: RICH.GVT@OFFICE-2
Cc: Header-People@MIT-MC

Yes, to expand a bit on your discussion: the authentication and security of 
AUTODIN I are derived from three things: physical security of the terminals and 
switches, encryption of data, and administrative procedures.  If you could 
connect your terminal or PC into AUTODIN and type away, authentication would be 
out the window.

One of the effects of the AUTODIN admin procedures is that it is generally 
impossible to get something transmitted without it going through the hands of 
someone other than the originator.  There are exceptions to this, as well as the
possibility of admin breakdowns.  Message centers are supposed to maintain files
of signatures of authorized releasers and all the message forms are supposed to 
be signed.  As to the exceptions, there are a bunch of rules not worth 
repeating, but basically they are logged in a special way.

The idea of using Internet for AUTODIN GENSER type traffic relies heavily on 
encryption.  I haven't heard what the drafter/releaser procedures will be; I 
suspect no "official" decision has been made.  Once you get the data "canned" 
with the right NSA techniques, there is no problem sending it down any pipe you 
want - Milnet, Arpanet, direct broadcast satellite, suit yourself.  The 
interesting questions have to do with how you get your can of data sealed.  I 
don't see it working with the style of mail-sending we use now; probably 
military installations will eventually be set up to let people "draft" items by 
a procedure similar to Internet "sending", but before being "released" they will
have to go through some procedure similar to what is done to declassify a 
magtape, which basically means somebody else in a secure place will have to poke
at it.

There is a bunch of work in progress on retinal scanners and other gee whiz 
stuff, but I don't think you should plan on finding one on your desk any time 
soon.  Back in '77 I was hearing that by 1984 the Pentagon would be full of 
Secure Office Terminals.  It isn't (but yes, there has been some progress).  
Someday, probably, but not before all the Spectra-70's keel over.  I think there
will have to be one or more interim solutions.  -b