IETF hums along at 20

From a notorious striptease by internet pioneer Vint Cerf to a fist-pumping, table-jumping brawl about cryptography policy, the internet's premier standards-setting body has had its share of big moments.

Next week, the IETF celebrates another one when it turns 20.

The IETF is an egalitarian, all-volunteer group consisting of network engineers from Cisco, IBM, Microsoft, AT&T and other leading vendors. It has created many of the underlying standards that make the internet work, including fundamental routing, email, directory services and telephony protocols.

IETF leaders say the group's greatest accomplishment is that the protocols it developed let the internet function in spite of dramatic growth and the introduction of new services.

"Despite all kinds of centrifugal forces, the internet's technology has stayed reasonably unified and coherent during the tremendous growth of the last 20 years, the enormous changes in underlying transmission technology and the era of telecommunications liberalisation,'' says Brian Carpenter, chair of the IETF and a distinguished engineer with IBM.

"The [IETF's] real achievement has been keeping focus on the unifying ideas, such as the end-to-end principle,'' Carpenter adds. "The IETF didn't invent those unifying ideas, but it's used them in its protocol development work, blended with pragmatism.''

Despite the group's many engineering triumphs, the IETF is best known for its openness and individualistic approach to standards development. It also differs from other staid standards bodies because of its quirky traditions, which include registering approval by humming rather than raising hands.

"The biggest strength of the IETF is its openness,'' says Harald Alvestrand, a Cisco fellow who led the group from 2001 to 2005. "We are able to take input from the whole world, and we arrive at our decisions through a process that you are welcome to watch and participate in.''

Alvestrand says the IETF's openness coupled with the expertise of its participants result in higher-quality standards.

The IETF held its first meeting January 16-17, 1986 in San Diego with 21 attendees. In March, the group will hold its 65th meeting in Dallas, and more than 1,000 attendees are expected. It will publicly recognise its 20th birthday at the meeting.

The IETF meets three times per year, but most of the group's decision making is done via email posted on its website, www.ietf.org.

The group has created many important network industry standards, including Border Gateway Protocol and Open Shortest Path First for routing; Post Office Protocol and Internet Message Access Protocol for email; Session Initiation Protocol for internet telephony and Lightweight Directory Access Protocol for directory services.

Other well-known IETF technologies include MPLS for traffic engineering, the IPSec security protocol used in VPNs and the next-generation internet protocol known as IPv6.

"What we do is architect the internet, and the internet is still a pretty rollicking place,'' says Fred Baker, a Cisco fellow who served as chair of the IETF from 1996 to 2001. "We describe different functions that get done and principles by which they work, which is a different way to do architecture.''

The group has published more than 3,300 protocol documents known as requests for comments. These documents, which are used daily by corporate network managers, outline standards for configuring hosts, authenticating users, monitoring networks and many other necessary tasks.

"The IETF is interested in building something like a Swiss Army knife,'' Baker says. "We give you the tools and you can go build your network. If you don't have the right tools, then you can come back and identify the tools you need and we'll build them.''

The IETF has created duds, too. IETF protocols that were never widely deployed include IP Multicast, a bandwidth-conserving technique for broadcasting information and DNS Security, a technique for securing the DNS using public-key encryption.

In some areas, such as firewalls and instant messaging, the group failed to produce standards fast enough for the marketplace to adopt. However, its greatest misstep was its failure to grasp the importance of built-in security.

"We didn't get serious about security early enough,'' says Scott Bradner, a senior technical consultant with Harvard University who held leadership positions with the IETF from 1993 to 2003. "The internet carefully delivers that virus to your door because its job is to deliver packets and not to inquire whether the application is good for you. The net by itself is doing what it should do but we don't have intrinsic integrity and authentication. We didn't do that way back when, and it should have been done.''

Unlike other standards-setting bodies such as the IEEE, World Wide Web Consortium and the International Telecommunication Union (ITU), the IETF has individual rather than corporate or government participants. Anyone can propose a protocol to the IETF but the protocol must achieve rough consensus from the group and have working prototypes before it can be approved as a standard.

"In the ITU, governments approve the standards and formal submissions come from companies,'' explains Bradner, who serves as liaison between the IETF and ITU. "In the IETF it's individuals, not companies, who submit ideas. And it's the consensus of the community as interpreted by the IETF leadership that prevails. That's very different from having Germany decide it doesn't like a standard.''

Bradner says the result of the IETF's non-governmental approach is that the group doesn't focus on protecting existing industries or companies. The ITU and other standards bodies "tend to create standards that will not necessarily disrupt incumbent companies like carriers, but the IETF doesn't have that formal sensitivity,'' Bradner adds.

Another key difference is that the IETF makes decisions based on rough consensus rather than unanimity. The IETF leadership will approve a protocol document even if 10% of the group's participants disagree, while other standards bodies make changes or additions to a document so all participants support it.

The rough consensus approach makes the IETF's process more contentious, while the group's openness makes its process take longer. One of the main criticisms of the IETF is that it takes too long to publish proposed standards. For example, the IETF has been working on aspects of IPv6 since 1994.

The IETF faces many challenges, including declining attendance at its meetings and increased competition from other standards bodies.

In 2000, at the peak of the internet bubble, IETF meetings attracted more than 2,800 attendees. At its meeting in November, the group had 1,200 attendees.

The IETF can't afford to lose money on its meetings because it doesn't charge membership fees. However, many longtime attendees say the current meeting size is better for getting work done.

"When we had 3,000-person meetings, a lot of the people were not there to work on things,'' says Baker, who attended his first IETF meeting in 1989. "The meetings that we have are smaller. The mailing lists are more contained, and the work is actually proceeding better.''

The IETF recently reorganised its administrative functions to gain greater control over its finances and meeting-related expenses. Alvestrand, who encouraged the group to reorganise during his stint as chair, says it's too early to tell if the new administrative structure will work better than the less-formal systems of the past.

"By the end of 2006, we'll be able to tell,'' Alvestrand says. "When we've had service contracts in place for a year and have had monies for the meetings flowing through hands that are accountable to the IETF, we'll know.''

Meanwhile, rival standards bodies such as the ITU are looking to encroach on areas of standards development that traditionally were handled by the IETF, while new standards bodies such as the Liberty Alliance Project and the MPLS Forum are cropping up to address standardisation for emerging internet services.

The IETF's biggest challenge is "continued relevance,'' Bradner says. "Finding new things to do or old things to work on which are relevant to the needs of the networking world going forward is key.''

Nonetheless, IETF leaders are optimistic about the group's future, especially the technical challenges that lie ahead.

"I expect to see a lot more work on quality of service and of course on security,'' Carpenter says. "And we need some breakthrough thinking in the area of resource discovery. Using the DNS to find things is a really bad compromise, especially as we move toward fully internationalised naming of resources."