Steve, Yes, I thought of the DESNC after I wrote my message. There is a paper on it in the 12th NCSC proceedings, but I am missing that year. I agree that it almost certainly provided for selective bypass on a host address (in this case a MAC layer address) basis. It relied on a KDC, which probably incorporated the access control database as well. Steve