A few thoughts on parts of this thread -- > On 6 Jan 2023, at 12:19 am, Brad Chen <bradchen=40google.com@xxxxxxxxxxxxxx> wrote: > > I question whether the IETF has the competence to unilaterally determine policy in this space. Recent comments on this thread reassure me that some of us are at least equipped to recognize the limits of our competence and to recognize the discretion that the IETF needs to exercise in how we impact policy. and: > On 6 Jan 2023, at 3:20 am, Vittorio Bertola <vittorio.bertola=40open-xchange.com@xxxxxxxxxxxxxx> wrote: > > Yes, I totally agree. Ten years ago, the IETF sincerely (with the best of intentions) and naively thought to be in charge of setting this tradeoff in Internet communications. I'm going to pick on the language used here, because the framing of the IETF as "unilaterally determining policy" or "being in charge" leads the reader to assume that we should defer to other, seemingly more authoritative institutions. In fact, policy for the Internet isn't set by any one entity -- it's polycentric / decentred governance, a trend in regulation that's been widely recognised now for a couple of decades. Even inside a single country, policy matters are often arrived at through collaboration between many stakeholders and often are effectively controlled by non-state actors. When global, this is transnational private regulation and there are many examples of it beyond the Internet. It means that we need to become comfortable in our role co-regulating the Internet, not try to claim control or cede it to others. The IETF has considerable legitimacy as not only an institution that can create useful technical documents, but also as a steward of the Internet architecture as a means to realise and maintain a global public good, even as we ourselves are an essentially private institution. In contrast, state actors are still relatively unproven in their roles as Internet regulators. Of course we should understand what other regulators of the Internet are doing and what their attitudes are, along with those of other stakeholders -- for our protocols to be successful, doing so is essential. That doesn't mean, however, that we should tie our hands or ask permission before developing protocols. Nor does it mean we should just give up and hand over change control to others, or jump to accommodate their actions when we identify serious concerns around security, privacy, ossification, or other areas where we have expertise. > The direction explored on this thread represents a tremendous and important task. I'm pretty sure the way to fail is for engineers to go it alone. To be competent, we need to figure out how to recognize the relevance of disciplines like law and philosophy and history, and how to benefit from their perspective on these issues. Very much agreed here, but recognise that the IETF isn't 'just engineers' -- we are an open organisation representing diverse viewpoints and experiences. Is it diverse enough? Of course not, but we can take steps to improve this and other factors that will shore up our legitimacy for the task at hand. I'd much rather do that than bury our heads in the sand -- which is the outcome whether we defer to external parties *or* we ignore them. Cheers, -- Mark Nottingham https://www.mnot.net/