Home / Blogs

Creating TLS: The Pioneering Role of Ruth Nelson

As often occurs in networking and cryptographic history, anecdotes and insularity conspire to mask how developments actually occurred, and seminal roles undertaken by women are forgotten or ignored. One of the notable examples of this proclivity occurred in the cybersecurity cryptology arena as it involves a critical platform known as the Transport Layer Security Protocol (TLS) and the pioneering role of Ruth Nelson.

In August 1986, the National Security Agency, the National Bureau of Standards, the Defense Communications Agency, and twelve communications and computer corporations initiated a special project called the Secure Data Network System (SDNS). The innovative research program focused on designing the next generation of secure computer communications network and product specifications to be implemented for applications on public and private internets. It was intended to complement the rapidly emerging new OSI internet standards moving forward both in the U.S. government’s GOSIP Profiles and in the huge ITU-ISO JTC1 internet effort internationally. Ruth Nelson headed the development of SDNS services and architecture group.

Ms. Nelson came to her pioneering TLS leadership role in the SDNS project during her professional career at the GTE Government Systems Corporation (GSC) in Waltham, Massachusetts, beginning in the 1970s. Both the GSC and Telenet in Reston, Virginia, were set up by BBN to serve as leading packet data networking research and commercial operating facilities—for both commercial and government customers—and then acquired by GTE. She came to the position through a path that began as a gifted young mathematician gaining entrance to MIT as one of a handful of women at that time.

She majored in “pure math” at MIT and attributes part of her subsequent involvement in network security to her understanding of the Bell-LaPadula machine-state model which used set theory notation and “she was probably the only project engineer who wasn’t intimidated by it.” After exposure to the many luminaries resident at MIT and graduating in three years, she spent the next four years pursuing a Ph.D. in mathematics before leaving to work at multiple innovative IT companies around Boston that included DEC and BBN—finally landing in the Electronic Defense Communications Directorate in Waltham to help lead one of the most far-reaching information security projects of the time.

It was the ultimate challenge. SDNS was intended to provide secure data communications services to a variety of DoD and commercial users. The services included key management and system management capability as well as the encryption, authentication, and access control of user data. During the concept definition phase, personnel from eleven contractors, NSA, NBS, and other government agencies participated in determining the security services to be offered, the system architecture, system management and access control requirements and mechanisms, and the key management and secure communications protocols.

Nelson’s ground-breaking network security work was first presented publicly the next year in September 1987 in her paper on “SDNS Services and Architecture” at the joint NSA NCSC - NBS National Computer Security Conference in Baltimore as chair of the SDNS Protocols and Signaling Working Group.

What was portrayed was visionary and groundbreaking—describing for the first time the combined use of protocols at link, network, transport and application layers under a common key management system (KMP) for “end-to-end encryption.” The focus was on both a Transport Layer Security (TLS) protocol designated SP4, and a Network Layer Security protocol designated SP3. They were designed to be internet protocol agnostic on both OSI CLNP and TCP/IP and facilitate interoperability between two platforms which were being used by the DOD. The protocol even enabled use on both connectionless and connection-oriented substrates.

In the months and years after Nelson’s pioneering 1987 NCSC conference paper on the work of her team, the implementations were proven in code among research community and vendors and in 1990 published as NISTIR 90-4250.

Her work to establish an effective, integrated network cybersecurity architecture, including the TLS Protocol was subsequently included in the U.S. governments GOSIP standards and brought into both the International Organization for Standardization and the ITU-T as essential network security standards that still exist today. In ITU-T and ISO, the SP4 protocol was renamed Transport Layer Security Protocol, and adopted as X.274| ISO/IEC 10736:1995.

During the 1990s, Ruth Nelson continued over the next ten years as one of the leading network security visionaries—making seminal presentations at both subsequent NSCS events and professional conferences. She whimsically entitled one of her more reflective papers “What is a Secret” in which she questioned some of the basic assumptions of computer security in the context of keeping secrets. Ultimately Nelson retired from what became the GTE Government Systems Division, consulted, and then joined the artistic community in Watertown, Massachusetts, where she pursues innovative photography.

Also in the 1990s, almost a decade after the pioneering work of Ruth Nelson and her team flowing from the NSA SDNS Project and its instantiation in international standards and products, a new generation of network entrepreneurs facing the challenges of using TCP/IP for public infrastructure, would realize the need for network security architectures and recreate their own TLS protocol variants.

Countless TLS technical specifications, profiles, granted patents, and products have emerged over the past twenty years that have served as a principal basis for cybersecurity today. However, largely unknown is the visionary foundational work of the energetic MIT woman mathematician named Ruth Nelson who was the self-described internet security architectures and protocols “ringleader” a decade earlier. Although never honored, her work remains a critical need of contemporary information networked society.

By Anthony Rutkowski, Principal, Netmagic Associates LLC

The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years.

Visit Page

Filed Under


Corrections and clarifications Anthony Rutkowski  –  Jan 25, 2019 4:28 PM

Although the GTE Government Systems Division in Waltham, Massachusetts, undertook subcontracted work for BBN, it was not started by BBN

.  The Division began as a Sylvania group and bought by GTE.  As indicated, Telenet was started by BBN and subsequently sold to GTE and provided government communications systems support. The “Electronic Defense Communications Directorate” was a typo in the NCSC 1987 paper and should have read Electronic Defense Communications Division.

Given the scale of the SDNS project, there were multiple people, companies and agencies involved.  The developed TLS protocol, SP4, was a group effort.  Ruth Nelson chaired the Protocols and Signalling Working Group and credits in her paper, everyone who was part of the team.  SP4 is described in the same NCSC 1987 proceedings in a paper following Nelson’s and authored by Dennis Branstad (NBS), Joy Dorman (DEC), Russell Housley (Xerox), and James Randall (IBM).

IHOF nomination? Dan York  –  Jan 30, 2019 3:37 PM


Thanks for highlighting these great contributions. Regarding your comment:

However, largely unknown is the visionary foundational work of the energetic MIT woman mathematician named Ruth Nelson who was the self-described internet security architectures and protocols “ringleader” a decade earlier. Although never honored, her work remains a critical need of contemporary information networked society.

I would note that nominations for the Internet Hall of Fame (IHOF) are now open until March 8, 2019. If you, or others who read this, want to go through the nomination process, this might be a way to raise the visibility of her work.

(Disclosure: I am employed by the Internet Society, who supports the IHOF, but I have no involvement with any of the IHOF processes.)

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign