[ih] Security issues are not discussed in this memo [was: A revolution...]

Barbara Denny b_a_denny at yahoo.com
Mon May 11 00:12:39 PDT 2026 

 I know there was a lot of early work on security. I wasn't involved.  I just heard names of things floating about. Here are a couple wikipedia links to things i remember  when i was starting in networking
https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria
https://en.wikipedia.org/wiki/ARPANET_encryption_devices
There might interesting stories about interactions with the NSA but i don't know any of them
BTW, i am also pretty sure there was a packet radio produced that had TRANSEC but i never worked with it. (Upgraded Packet Radio?). I only had to secure the SINCGARS radio link with encryption keys for one demo at Fort Gordon (Hurricane Hugo timeframe).   FYI, Packet radios used direct-sequence spread spectrum while SINCGARS used frequency hopping.
Not to forget Peter Neumann (SRI). He has been working in this space a long time so he would be a good person to contact.  He has made lots of contributions. Last i heard he is still at SRI. I think you will find lots of his papers, including several papers on  IDES (Intrusion-Detection Expert System). This paper might be a good place to start for that particular effort.
Jeffery R Host, "The march of IDES: early history of intrusion-detection expert systems",IEEE Annals of the History of Computing 38 (4), 42-54, 2015
barbara
    On Sunday, May 10, 2026 at 11:59:29 PM PDT, Brian E Carpenter via Internet-history <internet-history at elists.isoc.org> wrote:  
 
 According to https://www.ietf.org/about/groups/iesg/past-members/, that means about October 1989.

Regards/Ngā mihi
    Brian Carpenter

On 11-May-26 18:07, Steve Crocker wrote:
> When the Security Area was created, I volunteered  and was accepted as the Area Director.  IIRC, I suggested making Security Considerations a required section in standards documents.
> 
> It was not limited to crypto issues.
> 
> Steve
> 
> Sent from my iPhone
> 
>> On May 11, 2026, at 12:31 PM, Brian E Carpenter via Internet-history <internet-history at elists.isoc.org> wrote:
>>
>> On 11-May-26 12:09, Greg Skinner via Internet-history wrote:
>> ...
>>> I’m not sure what Andrew Sullivan meant by “give away.” IMO, the USG had a much more liberal attitude towards 1970s and 1980s Internet technology, as well as the Internet itself, than it did towards cryptographic technology at that time.  The history of PGP <https://en.wikipedia.org/wiki/Pretty_Good_Privacy> provides an example of this.  If the Internet and/or Internet technology had been subject to tighter access and export controls, neither might have (as easily) become what they are today.  (I realize there is a lot more to this, and would welcome others who have much more experience than I do in this area to comment.)
>>
>> When did people start to think seriously about security (which is much more than cryptography, of course)?
>>
>> It was RFC 1311 (March 1992) that introduced the infamous phrase "Security issues are not discussed in this memo" which was used quite liberally for a long time. "Security Considerations" sections in RFCs seem have become normal around 1989, but most of them were very weak for many years. (At CERN, we saw elementary attacks from about 1986, mainly via DECNET, and we first appointed a network security person in about 1988.)
>>
>> Of course, by the time the PGP mess came along, it was clear that NSA and its friends were taking a lot of interest in the Internet, and we poked the hornet's nest in the mid-1990s with RFC 1984. But DARPA funding was gone by then.
>>
>> Regards/Ngā mihi
>>    Brian Carpenter

More information about the Internet-history mailing list