>> The IETF have been considering security in its protocols for the last >> 11 years. > > Picking an historical nit: More like 20-25 years. > > Not sure whether anything pre-dates PEM, but that will do as a start. RFC 1636 was published 20 years ago. From the introduction: In summary, the objectives of this workshop were (1) to explore the interconnections between security and the rest of the Internet architecture, and (2) to develop recommendations for the Internet community on future directions with respect to security. These objectives arose from a conviction in the IAB that the two most important problem areas for the Internet architecture are scaling and security. While the scaling problems have led to a flood of activities on IPng, there has been less effort devoted to security. Time passes... -- Christian Huitema