Nice find, thanks for passing it on.
> Meanwhile, someone with a valid pointer to a DEC "Systems
> and Options" or "Networks and Communications" catalogue from
> the relevant era may be able to shed a little more light on
> the DESNC than I can.
No success with those documents but I found references to
DESNC in the following documents:
----
<
ftp://ftp.uni-mainz.de/pub/software/CERT/nist/nistgen/sp4rpt.txt>
"Prototyping SP4 - A Secure Data Network System Transport Protocol
Interoperability Demonstration Project"
(skip forward to "6.1 Establishing the SP4 Laboratory" to get to the
interesting bits)
----
<
http://decdoc.itsx.net/dec94mds/vaxctcg6.txt>
"Guidelines for VAXcluster System Configurations", September 1992
Ethernet VAXcluster configurations can include VAXstation CPUs that
are located outside secure areas. For truly stringent security
precautions, consider using Digital Ethernet Secure Network
Controller (DESNC) devices to connect these VAXstation CPUs to the
Ethernet. These devices encrypt packets traveling across the
Ethernet. You may want to locate all CPUs in secure areas, which is
usually the case for CI or DSSI VAXcluster systems.
----
<
http://securitydigest.org/rutgers/archive/1989/09>
scroll to bottom to see the following (I ignored the previous stuff)
----MESSAGE-BEGIN---- <1989092918531100>
From:
ishi...@ultra.enet.dec.com (Jim Ishikawa, DTN_293_5054) 1-OCT-1989 2:33:11
To: "
secu...@pyrite.rutgers.edu"@
decwrl.dec.com
Subj: [1546] RE: Encryption hardware/software available?
>The DEC encryption approach was described to me to have 2 significant defects:
>1. You have to have a VAX to use it.
While it is true that the security management software (VAX KDC) will only run
on a VAX system, only *one* VAX system is required on a network. Furthermore,
VAX KDC software will run on any VAX, including small ones like the MicroVAX
3100.
Digital's Ethernet Enhanced-Security System product set actually comprises two
separate products. In addition to the VAX KDC software, there is the DESNC
secure network controller.
The DESNC controllers are freestanding devices that provide a secure network
interface for client nodes. Client nodes may be any device that complies with
Ethernet or IEEE 802.3 standards. The network security manager uses one or
more VAX KDC systems to manage the DESNC controllers and their associated
client nodes on a network.
>2. Too much of the packet is encrypted, such that the packets can only pass
> thru bridges, and not routers.
It is true that DESNC encryption is done at the data-link layer, and as such,
encrypted packets can only be forwarded through routers after first decrypting
them. Of course, this means that DESNC controllers will support
vendor-independent, multiprotocol environments. Network-layer encryption
schemes, which allow packets to be forwarded through routers without
decryption, are generally restricted to a single network-layer protocol and
typically do not support other protocols that run directly on the data-link
layer protocol.
Jim Ishikawa
DEC
----MESSAGE-END----
----
<
http://odl.sysworks.biz/disk$vaxdocdec022/network/d33vaa65.p27.bkb>
Workstations Network Guide
1.8 Network Security: DESNC Secure Ethernet Controller
If your organization needs a secure environment for its
data processing operations, the DESNC product may be the
solution.
DESNC hardware and VAX KDC security management
software provide a security-enhanced local area network,
in which only authorized systems have access to sensitive
data. DESNC controllers and VAX KDC software can be
used on single segment, multisegment, or extended Ethernet
local area networks that use a variety of media including
ThinWire, baseband, and broadband cable.
The DESNC is a standalone, store-and-forward
cryptographic controller that provides a number of security
features, including...
Figure 1.3 off that page: <
http://odl.sysworks.biz/disk$vaxdocdec022/network/d33vaa65.p28.bkb#85>
----
The
odl.sysworks.biz website is something of a treasure trove, reaching
back to 1996 for Alpha, 1994 for VAX, and Jan-1991 for plain old VMS.
<
http://odl.sysworks.biz/swadm_dat_root/cddoc04jan1/library.html>
The Jan-1991 docset includes various software products that I recall
reading about but alas never got to use, for example DECdecision,
DECdesign, DECintact
--
A sure cure for sea-sickness is to sit under a tree.
-- Spike Milligan