Internet Engineering Task Force leaves home, gets own bank account

If all goes according to plan, the venerable Internet Engineering Task Force (IETF) will this week tackle a fiendishly difficult problem: standing on its own administrative feet.

Today, the IETF exists as an Internet Society (ISOC) activity under a structure that is more than a decade old and needs a refresh.

The IETF has shortcomings, but it's also one of the most successful technical bodies ever: its nearly-informal processes that focus on “rough consensus and running code” gives the world an internet that mostly works, most of the time.

Yet all of its work has been loosely-governed. As the Task Force's mission statement (RFC 3935) outlines, working groups are managed by area directors, who are members of the Internet Engineering Steering Group (IESG); working group architectural activities are overseen by the Internet Architecture Board (IAB); and the IESG and IAB are chartered by ISOC.

But there hasn't been a legal administrative entity called the Internet Engineering Task Force. Hence this Internet-Draft from early April 2018 proposing that the IETF have its own structure, separate from ISOC.

To understand the proposal, The Register spoke to Joe Hall of the Center for Democracy & Technology, editor of the draft.

“The IETF has always grown rather organically,” Hall said. “Rough consensus and running code, that's what it lives and dies by.”

These days, however, there are simple mercantile questions to answer: money has to come from somewhere, and current arrangements seemed sub-optimal.

“You have to get cheques from people, and you have to navigate increasingly complicated connections”, Hall said. “When a donor wants to donate money for the IETF's work, they have to write a cheque to the Internet Society, because the IETF is not its own legal entity.”

Donors could reasonably ask “what am I donating to?”, Hall said, since it's up to ISOC to pass on the funds to the IETF.

While the arrangement has worked somehow, it's not an ideal governance arrangement. It's therefore time for a change.

The other thing that's happened over the decades, Hall told El Reg, is that both ISOC and the IETF are “very much more mature” organisations compared to when they came into being.

“The IETF's budget is always bigger than we can raise from fundraising,” he added. ISOC “backfills” that budget, a “dependency we all recognise” – but ISOC also has its own “very global mission” to consider.

Finally, into this world of hardworking and mostly-volunteer wonkery, it's painful to consider legal liability, but it's there: “The ISOC president has these contracts coming to her desk that she has to sign, and is legally responsible for”.

Which again makes a legally-responsible IETF body desirable.

Unwieldy structure

In November 2016, the IETF kicked off workshops to discuss its administrative arrangements, and as part of that process, the six-member “Design Team” team that wrote the draft were put to work.

The draft describes problems similar to those Hall identified to The Register, as well as others: “In general, the range of IETF administrative tasks have grown considerably, our organisational structure is not as clear, efficient, or as fully resourced as it should be, the division of responsibilities between the IETF and ISOC continues to evolve, expectations on transparency have changed, and we face continued challenges related to funding IETF activities on a background of increasing costs and lack of predictability in our funding streams.”

The draft also notes that demarcation between ISOC and the IETF can be unclear, and this can even create confusion about who's paying what proportion of staff time – and that the IETF itself needs more staff.

The proposal offered in the draft is simple and familiar: an LLC disregarded entity (a definition most relevant to its taxation status) of the Internet Society.

It's in the nature of a demerger, Hall said, with the IETF and ISOC charged with working out the boring details of “how to get the intent embodied in these documents into legal instruments”.

If the IESG charters a working group and the IETF is chartered as a separate body, the next set will be an “operating agreement setting down the detail of how the IETF operates, including the formal delegation to the Internet Architecture Board to choose [the IETF's] board”.

Preserving the IETF

Speaking as an activist rather than a draft editor, Hall identified the greatest risk in the process as potential capture of the IETF's activities.

The group has long needed to make sure the standardisation process isn't too easily dominated by interests (this author recalls a time when it seemed that standards were all written by Cisco, for example).

The IETF's default position, that everything be open all the time, helps protect the processes, Hall said. “There have to be very good reasons for confidentiality … so there's less of an opportunity for people to drum up conspiracy theories.”

The rise of content distribution networks (CDNs), and a corresponding rise of their influence, is one example of what the IETF will need to handle under its new structure.

A decade ago, CDNs were hardly known beyond a handful of insiders; today, they protect the core infrastructure from catastrophic infrastructure shortage.

And, Hall said, they do good work in the IETF: “I'm glad to see their work happening on securing the DNS, it would have taken forever otherwise.”

But that influence has the potential for misuse: for example, an RFC ignored because it needs too many round trips, because if the CDNs don't like something, nobody's going to use it.

The same is true for vendors, Hall said: just as Cisco once looked like it could write standards to its own benefit, there's a whole new population of emerging vendors whose influence has to be managed, or it “feels like one vendor is trying to stack NomCom” [the IETF Nominations Committee, whose role is to nominate people to open IESG, IAB, and IETF Administrative Oversight Committee positions – El Reg].

“The mechanisms need to reflect the multi-stakeholder environment – it has to be about users, not vendors or operators,” Hall said.

He added that since ISOC's CEO Kathryn Brown is stepping down at the end of the year, the stakeholders hope to complete the transition before she departs. ®