[ih] Security issues are not discussed in this memo [was: A revolution...]

Thu May 14 16:30:09 PDT 2026

I sure do NoT remember that quote!!!

v

On Thu, May 14, 2026 at 6:36 PM Barbara Denny via Internet-history <
internet-history at elists.isoc.org> wrote:

>  Not sure what you were thinking when you said serious and which people.
> I imagine many people aren't familiar with this law case (Note John
> Markoff reporting in all the original articles)
> https://www.nytimes.com/1992/12/08/us/hacker-indicted-on-spy-charges.html
> Then there is this long running case  around the same timeframe
>
> https://archive.nytimes.com/www.nytimes.com/library/cyber/hackstock/950217hacker-case-underscores.html
> Vint is quoted in the link above.
> John Markoff also covered the Morris Worm
> This link is more of a retrospective of that event.
>
> https://www.nytimes.com/times-insider/2014/08/06/1988-the-internet-comes-down-with-a-virus/
> This article also claims the Markoff piece on the Morris worm is the first
> time the Internet is mentioned in the NY Times.
> barbara
>     On Thursday, May 14, 2026 at 11:03:06 AM PDT, Barbara Denny <
> b_a_denny at yahoo.com> wrote:
>
>   Another name popped up into my head whose works on security you might
> want to look into is Dorothy Denning. She also spent some time at SRI.
> When I first got to SRI, she was mentioned to me because of the similarity
> of our last names.
> BTW, if you can't reach Peter I might be able to help.  I know Peter more
> through music (bassoonist).
> barbara
>
>     On Monday, May 11, 2026 at 04:51:19 PM PDT, the keyboard of geoff
> goodfellow via Internet-history <internet-history at elists.isoc.org>
> wrote:
>
>  vis-a-vis the Morris worm released in November 1988:
>
> The Berkeley Hillside Club on Feb 24, 2022 had a Fireside Meeting with Eric
> Allman -- the programmer who developed sendmail "... about those early,
> heady days as electronic communication began to be an essential part of all
> of our lives. This conversation will discuss the origins of sendmail, the
> attitudes of the time, and how the Internet grew and changed over the
> years."
>
> During this Fireside Meetings Q&A yours truly asked Eric:
>
> *"Could you give some backstory about the sendmail DEBUG command that
> contributed to the Morris Internet Worm incident of 1988?"*
>
> his backstory reply is queued below at the 51:15 minute mark:
>
> https://youtu.be/j6h-jCxtSDA?si=EepWGNh4Yv5ckv1l&t=3075
>
> g
>
> On Mon, May 11, 2026 at 2:10 PM Greg Skinner via Internet-history <
> internet-history at elists.isoc.org> wrote:
>
> > On May 10, 2026, at 9:31 PM, Brian E Carpenter <
> > brian.e.carpenter at gmail.com> wrote:
> > >
> > > On 11-May-26 12:09, Greg Skinner via Internet-history wrote:
> > > ...
> > >> I’m not sure what Andrew Sullivan meant by “give away.” IMO, the USG
> > had a much more liberal attitude towards 1970s and 1980s Internet
> > technology, as well as the Internet itself, than it did towards
> > cryptographic technology at that time.  The history of PGP <
> > https://en.wikipedia.org/wiki/Pretty_Good_Privacy> provides an example
> of
> > this.  If the Internet and/or Internet technology had been subject to
> > tighter access and export controls, neither might have (as easily) become
> > what they are today.  (I realize there is a lot more to this, and would
> > welcome others who have much more experience than I do in this area to
> > comment.)
> > >
> > > When did people start to think seriously about security (which is much
> > more than cryptography, of course)?
> > >
> > > It was RFC 1311 (March 1992) that introduced the infamous phrase
> > "Security issues are not discussed in this memo" which was used quite
> > liberally for a long time. "Security Considerations" sections in RFCs
> seem
> > have become normal around 1989, but most of them were very weak for many
> > years. (At CERN, we saw elementary attacks from about 1986, mainly via
> > DECNET, and we first appointed a network security person in about 1988.)
> > >
> > > Of course, by the time the PGP mess came along, it was clear that NSA
> > and its friends were taking a lot of interest in the Internet, and we
> poked
> > the hornet's nest in the mid-1990s with RFC 1984. But DARPA funding was
> > gone by then.
> > >
> > > Regards/Ngā mihi
> > >  Brian Carpenter
> >
> > From what I remember, there were various mailing lists and newsgroups
> > dating back (at least) to the 1980s where security issues were discussed.
> > One list, the RISKS digest, is maintained by Peter Neumann <
> > https://en.wikipedia.org/wiki/Peter_G._Neumann>, who was mentioned
> > earlier in this thread.
> >
> > When the Morris worm was released in November 1988, it sparked a lot of
> > discussion on many lists, such as the RISKS digest. [1] [2] Eventually,
> RFC
> > 1135 was written about it. [3] IMO, that incident raised consciousness
> > about security among IETF people, implementors of network protocols and
> > services, etc.
> >
> > [1] https://en.wikipedia.org/wiki/Morris_worm
> > [2] https://catless.ncl.ac.uk/risks/7/69
> > [3] https://www.rfc-editor.org/rfc/rfc1135
> >
> > --gregbo
> >
> >
> > --
> > Internet-history mailing list
> > Internet-history at elists.isoc.org
> > https://elists.isoc.org/mailman/listinfo/internet-history
> > -
> > Unsubscribe:
> >
> https://app.smartsheet.com/b/form/9b6ef0621638436ab0a9b23cb0668b0b?The%20list%20to%20be%20unsubscribed%20from=Internet-history
> >
> >
>
> --
> Geoff.Goodfellow at iconia.com
> living as The Truth is True
> --
> Internet-history mailing list
> Internet-history at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/internet-history
> -
> Unsubscribe:
> https://app.smartsheet.com/b/form/9b6ef0621638436ab0a9b23cb0668b0b?The%20list%20to%20be%20unsubscribed%20from=Internet-history
>
> --
> Internet-history mailing list
> Internet-history at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/internet-history
> -
> Unsubscribe:
> https://app.smartsheet.com/b/form/9b6ef0621638436ab0a9b23cb0668b0b?The%20list%20to%20be%20unsubscribed%20from=Internet-history
>