+1. As Phill says, we can trace many big concentrations effects to
defects in our specification, and specially to security issues.
Phill mentions the relation between spam and email concentration. I
believe that he is right, and in fact the DINRG workshop on
concentration in the Internet outlined the same issues
(https://datatracker.ietf.org/meeting/114/materials/slides-114-dinrg-a-quick-summary-of-dinrg-workshop-on-centralization-in-the-internet-june-3-2021-01).
We see the same kind of concentration happening in CDN servers because
it is too hard to defend against DDOS just by yourself, and it is
starting to happen in the concentration of DNS servers for similar
reasons. Lesson: if the IETF is not ready to address issues, big
companies will.
You might deplore that Google and Microsoft dominate email, but it is
certainly not because their are flooding the IETF with representatives.
Their success is largely due to their capacity to isolate users from
spam. Spam itself derives from a fundamental choice for openness in
email design -- let anyone send or receive email from everyone. That
choice predates the creation of Google...
That being said, large companies do have a big influence on the
Internet, largely for technical reasons. I see that in the evolution of
transport protocols. A big part of the current efforts is to address the
"tail" of the distributions, covering a lot of diverse conditions. A
large company with a large market share is going to have a large amount
of data about those diverse conditions. Participants from that company
will be able to share this data and gain influence in the working groups
discussing the issues. Lesson: the more we openly share data about
various sides of the Internet experience, the more we level the playing
field.
-- Christian Huitema
On 10/2/2023 2:11 PM, Phillip Hallam-Baker wrote:
I agree that there is a problem here but it is not the cost of membership.
The real problem is that the Internet has grown so big and the companies
that provide the bulk of Internet apps and services have grown so large
that there are no institutions that have much influence over them.
We saw this early in the development of Internet payment schemes, the
original goal was to manage credit card payments from a secure wallet, SSL
was supposed to be a stopgap. But by the time schemes like SEPP were
getting going, the big Internet retail outlets saw no need to support any
technology that would level the playing field for smaller players.
Rather bizarrely, employees of the provider of the largest Web browser by
market share participate in discussions of new features for its main
competitor and is also the main source of funding.
I expect we will soon be seeing another ridiculous book from The
'Independent' Institute telling us network effects don't exist but bought
and paid for by a different sponsor this time.
The only way out of the current situation is to face up to the issues that
led to centralization in the first place. For email, it was spam. A
protocol in which authentication of messages is optional and lacking access
control on message receipt will inevitably face a very high level of abuse
and the only way to deal with that abuse is going to be expensive
heuristics.
If people want to have a decentralized Internet, we have to design the
systems for social scaling. We also have to look for opportunities.
Currently, the markets for messaging and email are entirely and
artificially disjointed. While voice and video are loosely tied to
messaging, the balkanization of messaging provision makes them very much
less useful than they could be.
On Sun, Oct 1, 2023 at 10:44 PM Dave Cridland <dave@xxxxxxxxxxxx> wrote:
I'd actually settle for just replying to this with "Me too", really, and
perhaps I should have - but one additional comment:
On Sun, 1 Oct 2023 at 19:40, Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx>
wrote:
On 10/1/23 14:21, S Moonesamy wrote:
From what I recall, the IESG members disclose the name of their
employers. It should be possible for figure out whether an IESG
member is primarily focused on their employer's interests.
It's not only participants' employers' interests that I'm concerned
about. The normalization of corporate culture in IETF has done
tremendous harm to IETF and its ability to serve the Internet
community. For example very many people have abandoned the concept of
interoperability (at least at layers above transport) and vendor
independence, in favor of the idea that the Internet exists to support
proprietary applications.
Further, those applications which are supposedly interoperable - like mail
- are extremely difficult to host without using ${BIGCORP}'s services if
you want to interoperate with the same few large providers.
Most of the recent changes to SMTP hosting requirements (going back to
DMARC at least) seem to be entirely driven by the needs of a few mass
hosting providers, rather than massive numbers of smaller hosting
providers. If the IETF objects at all it is ignored. Interoperability is of
less importance if you've only got a small handful of providers. I'm not
yet sure what the equivalent will be for the Web, but I'm sure it'll come -
already, as far as I can tell you're only allowed to have an opinion on the
browser side if you happen also to have a browser with significant share of
the market; the hosting side will probably go the same way at some stage.
The outcome of this is that although there are thousands upon thousands of
smaller internet-related companies, very few of these will see the IETF (or
W3C) as even remotely relevant to their actions - despite being entirely
reliant on its output - because hosting will be done by IETF "members". So
these voices are unheard at the IETF, because the membership fee - sorry,
attendance costs - are simply too high to warrant the (irrelevant)
expenditure.
There is a circle here, and I doubt it's virtuous.
Dave.
