The Open Standards Process: How the Internet Governs Itself

RFC 1 and the Spirit of the Thing

On April 7, 1969, a UCLA graduate student named Steve Crocker wrote a two-page memo about software for the ARPANET’s first hosts. He called it “Request for Comments” — a deliberately tentative title, meant to invite discussion rather than impose authority. The document was typed, photocopied, and distributed by mail. It was numbered 1.

The title was philosophically significant. The ARPANET’s principal technical architect, Jon Postel, had a specific theory of how technical standards should be made: not by committees with formal authority, but by practitioners who had thought hard about a problem, written down their thinking, and submitted it to criticism. A standard that could not survive criticism was not a standard worth having. The RFC process was anti-authoritarian by design.

Postel edited and distributed RFCs for most of the next three decades from the University of Southern California’s Information Sciences Institute, becoming the keeper of the internet’s most essential reference documents. He also maintained the Internet Assigned Numbers Authority (IANA), personally allocating IP address blocks and managing the domain name system from what amounted to a text file on his workstation. His unofficial authority was enormous, grounded entirely in the community’s trust.

In January 1998, Postel sent an email to eight regional network operators asking them to redirect their root DNS servers from the US government-controlled server to one he operated at ISI. Seven of the eight complied. He was, briefly, in personal control of the domain name system for most of the internet. The US government intervened; Postel backed down. He died eight months later from heart surgery complications, at fifty-five. His colleague Vint Cerf eulogized him in RFC 2468, “I Remember IANA,” as “our Internet Assigned Numbers Authority, friend, engineer, confidant, leader, icon, and now, first of the giants to depart from our midst.” In life Postel had been popularly dubbed the “god of the Internet” — a label he rejected, insisting “the Internet works because a lot of people cooperate.”

Rough Consensus and Running Code

The IETF (Internet Engineering Task Force) is the body responsible for the internet’s core protocols. It was formalized from earlier ARPANET working groups in 1986, though it had operated informally for years before. Its organizational principles remain unusual among standards bodies:

• No membership fees or formal enrollment. Anyone can participate by joining a mailing list or attending a meeting.
• Three meetings per year, held in different global cities, open to all who register.
• Decisions by rough consensus, assessed by the meeting chair asking participants to hum (not vote — humming is less adversarial and harder to “win” by packing a room).
• “Rough consensus and running code” — the phrase coined by computer scientist Dave Clark — as the governing principle: a working implementation is worth more than a perfect theoretical specification.

The IETF has no legal authority to require anyone to implement its standards. Its standards (published as RFCs) acquire the force of convention through adoption, not through legal mandate. This sounds fragile and has proven robust: TCP/IP, HTTP, SMTP, DNS, TLS, and most of the protocols that make the internet function are IETF standards that no law requires anyone to implement, yet are implemented by essentially everyone.

Key RFCs that defined the internet:

• RFC 791 (September 1981): IPv4, the Internet Protocol that gives every network-connected device its address
• RFC 793 (September 1981): TCP, the Transmission Control Protocol that ensures reliable data delivery
• RFC 2616 (June 1999): HTTP/1.1, the hypertext transfer protocol — the language of the web
• RFC 5246 (August 2008): TLS 1.2, transport layer security — the cryptographic protocol that makes HTTPS possible
• RFC 7540 (May 2015): HTTP/2, the major revision introducing multiplexing and header compression

The W3C: Standards for the Web Layer

In 1994, Tim Berners-Lee — having invented the World Wide Web in 1989–1991 at CERN — founded the World Wide Web Consortium (W3C) at MIT to coordinate web standards. Unlike the IETF, the W3C has a formal membership structure: companies pay membership fees (tiered by size) to participate in standards development. In exchange, they get a seat at the table.

This created a different set of tensions. The W3C’s HTML and CSS standards were developed through a more formal, slower process than the IETF’s. In 2004, browser vendors — Apple (Safari), Mozilla (Firefox), and Opera — grew frustrated with the W3C’s direction on HTML and formed the WHATWG (Web Hypertext Application Technology Working Group) as a competing body, developing HTML5 and Web APIs outside W3C processes.

The parallel existed awkwardly for years. The W3C was formally developing XHTML 2.0 (a strict XML-based reformulation of HTML that would have broken backward compatibility with the entire existing web). WHATWG was developing HTML5, which maintained backward compatibility. In 2009, the W3C abandoned XHTML 2.0 and adopted HTML5, acknowledging that the browser vendors’ pragmatic approach had won. The HTML5 specification was finalized in October 2014 — seven years after the WHATWG began drafting it.

IEEE 802: The Physical Layer Standards

While the IETF handles network protocols, the IEEE 802 committee governs the physical and data link layer standards that make bits travel through wires and air.

IEEE 802.3 (Ethernet), first standardized in 1983 from Bob Metcalfe’s original design, defined the protocol for wired local area networks. Ethernet’s speed has increased from 10 Mbit/s to 400 Gbit/s over four decades while maintaining fundamental backward compatibility — a testament to the original design’s soundness.

IEEE 802.11 (Wi-Fi), first standardized in 1997, defined wireless local area networking. The alphabetical suffix appended to each generation (802.11b, 802.11g, 802.11n, 802.11ac, 802.11ax) became a consumer marketing challenge; the Wi-Fi Alliance eventually introduced a parallel numbering system (Wi-Fi 4, Wi-Fi 5, Wi-Fi 6, Wi-Fi 6E, Wi-Fi 7) to make generational improvements comprehensible to non-engineers.

IEEE 802.15.1 (Bluetooth), standardized from Ericsson’s 1994 radio technology, enabled short-range wireless personal area networks. The standard body is maintained by the Bluetooth Special Interest Group, a consortium of over 35,000 member companies.

ICANN and the Politics of Domain Names

The Internet Corporation for Assigned Names and Numbers (ICANN) was established in 1998 to take over from Jon Postel’s informal management the functions of domain name allocation, IP address assignment, and root DNS server coordination.

ICANN’s governance structure was designed to distribute authority internationally: a multi-stakeholder model with representatives from governments, commercial entities, civil society, and technical communities. The US Department of Commerce retained oversight authority over ICANN’s root zone management — a remnant of the internet’s ARPANET origins — that other nations consistently objected to as American unilateral control of global infrastructure.

In 2016, the US government relinquished that oversight authority, transferring ICANN to full multi-stakeholder control. China, Russia, and other nations had long argued for ITU (International Telecommunication Union, a UN body) governance of the internet; the multi-stakeholder model was partly designed to forestall this alternative.

Domain name disputes — who gets to own google.com, apple.com, or generic terms like hotels.com — generated extensive litigation and the Uniform Domain-Name Dispute-Resolution Policy (UDRP), an arbitration system administered by WIPO. The introduction of new top-level domains (beyond .com, .net, .org) in the 2010s — .app, .shop, .dev, .bank, and hundreds of others — generated approximately $400 million in application fees for ICANN but also a secondary market in premium domain speculation.

The Embrace-Extend-Extinguish Pattern

The history of internet standards includes a recurring pattern: a dominant company adopts an open standard, extends it with proprietary features, and then uses the incompatibility of its extensions to lock users into its ecosystem.

Microsoft’s Internet Explorer (dominant mid-1990s to mid-2000s) is the canonical example. IE adopted HTML but added proprietary extensions — ActiveX, VBScript, CSS deviations — that only worked in IE. Web developers targeting IE users (85%+ of the market at peak) built sites that required these extensions. The extensions then prevented users from switching browsers and prevented competitors from offering compatible implementations. See Bill Gates and Microsoft and The Search Engine Wars for the browser war context.

The pattern recurs: Google’s QUIC protocol, developed internally and used by Google services beginning around 2013, became widely deployed before it was submitted to the IETF for standardization. The IETF adopted a version of QUIC as HTTP/3 (RFC 9114, June 2022). The process of IETF standardization is, optimistically, Google contributing an innovation to the commons; pessimistically, it is Google deploying a protocol at scale, then standardizing its own protocol — with the resources to drive the standardization — establishing a norm that reflects its own engineering choices.

Why Open Standards Matter: Interoperability and Competition

The theoretical argument for open standards is that interoperability enables competition. If email is an open standard (SMTP/IMAP/POP3), any email client can connect to any email server; users are not locked into a single provider. If telephony is standardized, any phone can call any other phone. The absence of a monopoly on the communication layer allows competition at every other layer.

Proprietary protocols invert this: if a messaging service uses its own protocol, users can only communicate with other users of the same service. This creates network effects that entrench the market leader and raise barriers to entry for alternatives. The result is winner-take-all dynamics in social media (Facebook), messaging (iMessage, WeChat, WhatsApp), and other communication platforms.

The EU’s Digital Markets Act (2022) included a messaging interoperability mandate — requiring large messaging platforms to open their protocols to allow third-party clients to connect. Implementation proved technically and politically contentious: end-to-end encrypted messaging is difficult to interoperate without compromising encryption; the platforms argued that opening their protocols would degrade security. The mandate represented an attempt to use standards policy to enforce the competitive conditions that open standards would naturally create.

The open standards process is thus not a historical artifact but an ongoing political contest between the internet’s founding tradition of public interoperability and the commercial interests of the companies that have grown to dominate it. For the cryptographic standards that secure internet communication, see Public Key Cryptography: The Mathematics That Secured the Internet.

---

📚 Sources

• Crocker, Steve: RFC 1, “Host Software,” ARPANET Working Group (April 7, 1969)
• Clark, David: “A Cloudy Crystal Ball: Visions of the Future,” IETF plenary speech (1992) — source of “rough consensus and running code”
• Cerf, Vint: “I Remember IANA,” RFC 2468 (October 1998), in memory of Jon Postel
• Berners-Lee, Tim: Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web (1999), Harper San Francisco
• Internet Engineering Task Force: Overview and mission statement, IETF.org
• World Wide Web Consortium: HTML5 specification (October 2014), W3C
• Electronic Frontier Foundation: “W3C Abandons Consensus, Standardizes DRM with Objections” (September 2017)
• IANA stewardship transition — Wikipedia
• Internet Engineering Task Force — Wikipedia
• Mockapetris, Paul: RFC 1034–1035, “Domain Names” (November 1987)