The IETF have been considering security in its protocols for the last
11 years.
Picking an historical nit: More like 20-25 years.
Not sure whether anything pre-dates PEM, but that will do as a start.
RFC 1636 was published 20 years ago. From the introduction:
In summary, the objectives of this workshop were (1) to explore the
interconnections between security and the rest of the Internet
architecture, and (2) to develop recommendations for the Internet
community on future directions with respect to security. These
objectives arose from a conviction in the IAB that the two most
important problem areas for the Internet architecture are scaling and
security. While the scaling problems have led to a flood of
activities on IPng, there has been less effort devoted to security.
Time passes...
-- Christian Huitema