Salz, Rich writes:
> The IETF has lawyers who are familiar with how the IETF works, and
> that legal counsel finds our processes acceptable level of risk.
RFC 9680 was issued in October 2024 and says that it's "intended to
educate IETF participants about how to reduce antitrust risks in
connection with IETF activities". Sounds like the lawyers are worried.
More to the point, they _should_ be worried.
> The IETF has long accepted that saying "we have customers who want
> this" as a metric into its decisions. If Foo.Com says they have
> customers for RFC X, then the IETF community believes it is more
> likely that Foo.Com will implement RFC X. Market acceptance is
> important to what the IETF considers success.
The whole point of antitrust law is to put constraints on _how_ market
success can be pursued, so praising market success is missing the point.
Take any corporation (whether for-profit or not) that lost an antitrust
case, and look at its briefs; you'll see that it argued, unsuccessfully,
that what it was doing was healthy market activity.
As one of many examples of the constraints that antitrust law places on
standards-development organizations, look at
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52011XC0114(04)
asking, inter alia, whether "the procedure for adopting the standard in
question is transparent". Saying that IETF is pursuing market success
does nothing to answer this transparency question, or any of the other
procedural questions asked by antitrust law.
The same link also asks whether there are "objective criteria for
selecting the technology to be included in the standard". Where are
IETF's objective criteria for deciding what to select? Where's the
documentation demonstrating systematic enforcement of those criteria?
As illustrated by this discussion, IETF allows a company to push for a
standard by simply claiming, without evidence or quantification or a
technological rationale, that there are customers for the standard.
History shows that IETF is more likely to act on such claims from large
companies than from small companies.
Yes, of course a company pushing for something to be standardized will
claim that the standard will have customers. This is content-free beyond
the company name---and IETF doesn't follow procedures that demand more
information. Evidently the IETF "metric" is not the market prospects of
what's being proposed for standardization, but rather the size of the
company pushing for it. That's inherently anti-competitive, rewarding
the existing big players instead of establishing a level playing field.
A court will want to know how IETF procedures stop a large company or a
cartel from manipulating IETF's decision-making process to suppress
competition. What the court will instead see is evidence of IETF often
allowing its process to be manipulated without even asking questions.
> Please don't quote other lawyers to us.
You're complaining about my providing a link to
https://www.google.com/books/edition/Handbook_on_Antitrust_Aspects_of_Standar/zin5tgAACAAJ
from the American Bar Association? I think this is a great starting
point for WG participants who want to learn more about the topic.
---D. J. Bernstein
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
