[ih] Security issues are not discussed in this memo [was: A revolution...]

Leonard Kleinrock lk at cs.ucla.edu
Mon May 11 17:27:28 PDT 2026 

Ha!  So the “debug" command became a “bug"!  

> On May 11, 2026, at 4:50 PM, the keyboard of geoff goodfellow via Internet-history <internet-history at elists.isoc.org> wrote:
> 
> vis-a-vis the Morris worm released in November 1988:
> 
> The Berkeley Hillside Club on Feb 24, 2022 had a Fireside Meeting with Eric
> Allman -- the programmer who developed sendmail "... about those early,
> heady days as electronic communication began to be an essential part of all
> of our lives. This conversation will discuss the origins of sendmail, the
> attitudes of the time, and how the Internet grew and changed over the
> years."
> 
> During this Fireside Meetings Q&A yours truly asked Eric:
> 
> *"Could you give some backstory about the sendmail DEBUG command that
> contributed to the Morris Internet Worm incident of 1988?"*
> 
> his backstory reply is queued below at the 51:15 minute mark:
> 
> https://youtu.be/j6h-jCxtSDA?si=EepWGNh4Yv5ckv1l&t=3075
> 
> g
> 
> On Mon, May 11, 2026 at 2:10 PM Greg Skinner via Internet-history <
> internet-history at elists.isoc.org> wrote:
> 
>> On May 10, 2026, at 9:31 PM, Brian E Carpenter <
>> brian.e.carpenter at gmail.com> wrote:
>>> 
>>> On 11-May-26 12:09, Greg Skinner via Internet-history wrote:
>>> ...
>>>> I’m not sure what Andrew Sullivan meant by “give away.” IMO, the USG
>> had a much more liberal attitude towards 1970s and 1980s Internet
>> technology, as well as the Internet itself, than it did towards
>> cryptographic technology at that time.  The history of PGP <
>> https://en.wikipedia.org/wiki/Pretty_Good_Privacy> provides an example of
>> this.  If the Internet and/or Internet technology had been subject to
>> tighter access and export controls, neither might have (as easily) become
>> what they are today.  (I realize there is a lot more to this, and would
>> welcome others who have much more experience than I do in this area to
>> comment.)
>>> 
>>> When did people start to think seriously about security (which is much
>> more than cryptography, of course)?
>>> 
>>> It was RFC 1311 (March 1992) that introduced the infamous phrase
>> "Security issues are not discussed in this memo" which was used quite
>> liberally for a long time. "Security Considerations" sections in RFCs seem
>> have become normal around 1989, but most of them were very weak for many
>> years. (At CERN, we saw elementary attacks from about 1986, mainly via
>> DECNET, and we first appointed a network security person in about 1988.)
>>> 
>>> Of course, by the time the PGP mess came along, it was clear that NSA
>> and its friends were taking a lot of interest in the Internet, and we poked
>> the hornet's nest in the mid-1990s with RFC 1984. But DARPA funding was
>> gone by then.
>>> 
>>> Regards/Ngā mihi
>>>  Brian Carpenter
>> 
>> From what I remember, there were various mailing lists and newsgroups
>> dating back (at least) to the 1980s where security issues were discussed.
>> One list, the RISKS digest, is maintained by Peter Neumann <
>> https://en.wikipedia.org/wiki/Peter_G._Neumann>, who was mentioned
>> earlier in this thread.
>> 
>> When the Morris worm was released in November 1988, it sparked a lot of
>> discussion on many lists, such as the RISKS digest. [1] [2] Eventually, RFC
>> 1135 was written about it. [3] IMO, that incident raised consciousness
>> about security among IETF people, implementors of network protocols and
>> services, etc.
>> 
>> [1] https://en.wikipedia.org/wiki/Morris_worm
>> [2] https://catless.ncl.ac.uk/risks/7/69
>> [3] https://www.rfc-editor.org/rfc/rfc1135
>> 
>> --gregbo
>> 
>> 
>> --
>> Internet-history mailing list
>> Internet-history at elists.isoc.org
>> https://elists.isoc.org/mailman/listinfo/internet-history
>> -
>> Unsubscribe:
>> https://app.smartsheet.com/b/form/9b6ef0621638436ab0a9b23cb0668b0b?The%20list%20to%20be%20unsubscribed%20from=Internet-history
>> 
>> 
> 
> -- 
> Geoff.Goodfellow at iconia.com
> living as The Truth is True
> -- 
> Internet-history mailing list
> Internet-history at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/internet-history
> -
> Unsubscribe: https://app.smartsheet.com/b/form/9b6ef0621638436ab0a9b23cb0668b0b?The%20list%20to%20be%20unsubscribed%20from=Internet-history

More information about the Internet-history mailing list