Skip to main content

Internet Centralization: What Can Standards Do?

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Active".
Author Mark Nottingham
Last updated 2023-03-21 (Latest revision 2023-02-17)
RFC stream Independent Submission
Stream ISE state In ISE Review
Revised I-D Needed
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state I-D Exists::Revised I-D Needed
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Network Working Group                                      M. Nottingham
Internet-Draft                                          17 February 2023
Intended status: Informational                                          
Expires: 21 August 2023

            Internet Centralization: What Can Standards Do?


   Despite the Internet being designed and operated as a decentralized
   network-of-networks, forces often (and increasingly) encourage
   consolidation of power over its functions into few hands.

   This document discusses centralization in Internet protocols and
   relates it to consolidation of power, explains why both are
   undesirable, identifies forces that contribute to them, catalogues
   limitations of common approaches to decentralization, and explores
   what Internet standards efforts can do.

About This Document

   This note is to be removed before publishing as an RFC.

   Status information for this document may be found at

   Source for this draft and an issue tracker can be found at

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 21 August 2023.

Nottingham               Expires 21 August 2023                 [Page 1]
Internet-Draft    Internet Centralization and Standards    February 2023

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Centralization and Consolidation  . . . . . . . . . . . . . .   4
     2.1.  Assessing Centralization  . . . . . . . . . . . . . . . .   5
     2.2.  How Centralization Occurs . . . . . . . . . . . . . . . .   7
       2.2.1.  Proprietary Centralization  . . . . . . . . . . . . .   7
       2.2.2.  Beneficial Centralization . . . . . . . . . . . . . .   8
       2.2.3.  Concentration . . . . . . . . . . . . . . . . . . . .   9
       2.2.4.  Inherited Centralization  . . . . . . . . . . . . . .  10
       2.2.5.  Platform Centralization . . . . . . . . . . . . . . .  11
   3.  Decentralization  . . . . . . . . . . . . . . . . . . . . . .  12
     3.1.  Decentralization Techniques . . . . . . . . . . . . . . .  13
       3.1.1.  Federation  . . . . . . . . . . . . . . . . . . . . .  14
       3.1.2.  Multi-Stakeholder Governance  . . . . . . . . . . . .  15
       3.1.3.  Distributed Consensus . . . . . . . . . . . . . . . .  16
   4.  What Should Internet Standards Do?  . . . . . . . . . . . . .  17
     4.1.  Bolster Legitimacy  . . . . . . . . . . . . . . . . . . .  17
     4.2.  Engage with Centralization Thoroughly but
           Realistically . . . . . . . . . . . . . . . . . . . . . .  18
     4.3.  Decentralize Proprietary Functions  . . . . . . . . . . .  19
     4.4.  Evaluate New Decentralization Techniques  . . . . . . . .  20
     4.5.  Enable Switching  . . . . . . . . . . . . . . . . . . . .  21
     4.6.  Control Delegation of Power . . . . . . . . . . . . . . .  21
     4.7.  Consider Extensibility and Modularity Carefully . . . . .  23
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  24
   6.  Informative References  . . . . . . . . . . . . . . . . . . .  24
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  29
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  29

Nottingham               Expires 21 August 2023                 [Page 2]
Internet-Draft    Internet Centralization and Standards    February 2023

1.  Introduction

   The Internet has succeeded in no small part because of its purposeful
   avoidance of any single controlling entity.  While originating in a
   desire to prevent a single technical failure from having a wide
   impact [BARAN], this stance has also enabled the Internet’s rapid
   adoption and broad spread.  The Internet can accommodate a spectrum
   of requirements and is now a global public good because permission is
   not required to connect to it, deploy an application on it, or use it
   for a particular purpose.

   While maintaining these properties remains a widely shared goal,
   consistently achieving them has proven more difficult over time.
   Today, many successful services operate in a centralized fashion --
   to the point where some proprietary applications have become so well-
   known that they are commonly mistaken for the Internet itself.  Even
   when open protocols incorporate techniques intended to prevent
   consolidation, economic and social factors can drive users to prefer
   solutions built with or on top of supposedly decentralized

   These difficulties call into question what role architectural design
   -- in particular, that overseen by open standards bodies such as the
   IETF -- should play in preventing, mitigating, and controlling
   consolidation of power on the Internet.  This document discusses
   aspects of centralization that relate to Internet standards efforts,
   and argues that while the IETF may not be able to prevent these
   outcomes, there are still meaningful steps it can take to help
   counteract them.

   Section 2 defines centralization and consolidation, explains why and
   when they are undesirable, and surveys how they occur on the
   Internet.  Section 3 explores decentralization and highlights some
   relevant techniques, along with their limitations.  Finally,
   Section 4 considers the role that Internet standards play in avoiding
   centralization and mitigating its effects.

   The primary audience for this document is the engineers who design
   and standardize Internet protocols.  However, designers of
   proprietary protocols and applications can benefit from considering
   these issues, especially if they intend their work to be considered
   for eventual standardization.  Likewise, policymakers can use this
   document to help identify and evaluate proposed remedies for
   inappropriately centralized protocols and applications.

Nottingham               Expires 21 August 2023                 [Page 3]
Internet-Draft    Internet Centralization and Standards    February 2023

2.  Centralization and Consolidation

   This document distinguishes "consolidation" from "centralization" to
   separate effects from (some of) their causes.

   "Consolidation" is the ability of a single entity or a small group of
   them to exclusively observe, capture, control, or extract rent from
   the operation or use of an Internet function.

   Here, "entity" could be a single person, a corporation, or a
   government.  It does not include an organization that operates in a
   manner that effectively mitigates consolidation (see, e.g.,
   Section 3.1.2).

   "Internet function" is used broadly in this document.  It might be an
   enabling protocol already defined by standards, such as IP [RFC791],
   BGP [RFC4271], TCP [RFC793], or HTTP [HTTP].  It might also be a
   proposal for a new enabling protocol, or an extension to an existing

   Furthermore, Internet functions are not limited to standards-defined
   protocols.  User-visible applications built on top of standard
   protocols are also vulnerable to consolidation -- for example, social
   networking, file sharing, financial services, and news dissemination.
   Likewise, networking equipment, hardware, operating systems, and
   software act as enabling technologies that can exhibit consolidation.
   The supply of Internet connectivity to end users in a particular area
   or situation can also be subject to consolidation, as can the supply
   of transit between networks (so called "Tier 1" networks).

   "Centralization" is the source of consolidation that this document
   focuses upon; it measures the direct or potential contribution of a
   function's technical design to consolidation.  For example, many
   consider the social networking market to be highly consolidated
   around a few providers who have used highly centralized architectures
   (see Section 2.2.1) to reinforce their control.

   Centralization is not a binary condition; a function's design might
   contribute to or be vulnerable to consolidation in multiple ways and
   in various degrees.  Even when decentralization techniques are
   purposefully used to avoid centralization in a particular aspect of a
   function, it often appears in other places -- for example, in its
   governance, implementation, deployment, or in ancillary functions.
   In summary, "decentralized technology alone does not guarantee
   decentralized outcomes."  [SCHNEIDERa] Therefore, we need a more
   nuanced way to asess it.

Nottingham               Expires 21 August 2023                 [Page 4]
Internet-Draft    Internet Centralization and Standards    February 2023

2.1.  Assessing Centralization

   By default, Internet protocol designers will avoid an obviously
   centralized design because the Internet's very nature is incompatible
   with it.  As a "large, heterogeneous collection of interconnected
   systems" [BCP95] the Internet is often characterised as a "network of
   networks".  These networks relate as peers who agree to facilitate
   communication, rather than having a relationship of subservience to
   others' requirements or coercion by them.  This focus on independence
   of action carries through the way the network is architected -- for
   example, in the concept of an "autonomous system".

   However, as discussed below in Section 2.2.2, not all centralization
   is avoidable, and in some cases, it is even desirable.  With that in
   mind, centralization on the Internet is most concerning when it is
   not broadly held to be necessary, when it has no checks, balances, or
   other mechanisms of accountability, when it selects "favorites" which
   are difficult (or impossible) to displace, and when it threatens to
   diminish the success factors that enable the Internet to thrive --
   scalability to meet the demands of new users, adaptability to
   encompass new applications, flexibility to enable deployment of new
   technologies, and resilience to shocks and changes [KENDE].

   Most often, unacceptable centralization is indicated when a proposal
   has one or more of the following damaging effects (or the potential
   for them):

   *  _Power Imbalance_: When a third party has unavoidable access to
      communications, the informational and positional advantages gained
      allow observation of behavior (the "panopticon effect") and
      shaping or even denial of behavior (the "chokepoint effect")
      [JUDGE] -- capabilities that those parties (or the states that
      have authority over them) can use for coercive ends [FARRELL] or
      even to disrupt society itself.  Just as good governance of states
      requires separation of powers [MADISON], so too does good
      governance of the Internet require that power not be concentrated
      in one place without appropriate checks and balances.

   *  _Limits on Innovation_: Consolidation can preclude the possibility
      of "permissionless innovation" -- the ability to deploy new,
      unforeseen applications without requiring coordination with
      parties other than those you are communicating with.

Nottingham               Expires 21 August 2023                 [Page 5]
Internet-Draft    Internet Centralization and Standards    February 2023

   *  _Constraints on Competition_: The Internet and its users benefit
      from robust competition when applications and services are
      available from many providers -- especially when those users can
      build their own applications and services based upon interoperable
      standards.  When a consolidated service or platform must be used
      because no substitutes are suitable, it effectively becomes an
      essential facility, which encourages abuse of power.

   *  _Reduced Availability_: Availability of the Internet (and
      applications and services built upon it) improves when there are
      many ways to obtain access.  While service availability can
      benefit from the focused attention of a large consolidated
      provider, that provider's failure can have a disproportionate
      impact on availability.

   *  _Monoculture_: The scale available to a consolidated provider can
      magnify minor flaws in features to a degree that can have broad
      consequences.  For example, a single codebase for routers elevates
      the impact of a bug or vulnerability; a single recommendation
      algorithm for content can have severe social impact.  Diversity in
      functions' implementation leads to a more robust outcome when
      viewed systemically, because "progress is the outcome of a trial-
      and-error evolutionary process of many agents interacting freely."

   *  _Self-Reinforcement_: As widely noted (see, e.g., [ABRAHAMSON]), a
      consolidated provider's access to data allows it the opportunity
      to make improvements to its offerings, while denying such access
      to others.

   However, these are only indicators, and each needs to be evaluated
   carefully on a case-by-case basis.

   For example, it is important to distinguish centralization from
   anticompetitive concerns (also known as "antitrust").  While there
   are many interactions between these concepts and making the Internet
   more competitive may be a motivation for avoiding consolidation, only
   courts (and sometimes, regulators) have the authority to define a
   relevant market and determine that behavior is anti-competitive.
   Furthermore, what might be considered undesirable consolidation by
   the technical community might not attract competition regulation.
   Conversely, what might attract competition regulation might not be of
   great concern to the technical community if other mitigations are
   felt to be adequate.

   Likewise, while centralization interacts with availability, they are
   distinct and any relationship between them cannot be assumed without
   careful analysis of where and how centralization occurs.  Centralized

Nottingham               Expires 21 August 2023                 [Page 6]
Internet-Draft    Internet Centralization and Standards    February 2023

   systems might be more available because of factors like the resources
   available to them, but also have greater impact when they encounter a
   fault; decentralized systems might be more resilient in the face of
   local failures, but less able to react to systemic issues.  A failure
   because of a cut cable, power outage, or failed server is
   qualitatively different from the issues encountered when a core
   Internet function has a gatekeeper.

   For example, a large variety of Web sites might depend upon a cloud
   hosting provider or content delivery network; if it were to become
   unavailable (whether for technical or other reasons), many people's
   experience of the Internet might be disrupted.  Likewise, a mobile
   Internet access provider might have an outage that affects hundreds,
   thousands, or more of its users.  In both cases, centralization is
   not indicated by the loss of availability or its scale, but it well
   might be if the parties relying on the function don't have reasonable
   options to switch to if they are unhappy with the availability of the
   service provided, or if friction against switching to an alternative
   is too great.

2.2.  How Centralization Occurs

   A function's design can exhibit and encourage centralization in a
   variety of ways.  The subsections below describe different
   contributors to and expressions of centralization in Internet
   functions.  Note that this is not a taxonomy, in that it is not
   complete and there may be overlap.

2.2.1.  Proprietary Centralization

   Creating of a protocol or application with a fixed role for a
   specific party is the most obvious form of centralization.  Many
   messaging, videoconferencing, chat, social networking, and similar
   applications currently operate in this fashion.

   Because they allow control by a single entity, proprietary protocols
   are often considered simpler to design, more amenable to evolution,
   and more likely to meet user needs [MOXIE], compared to decentralized
   alternatives.  However, their centralization is absolute -- if the
   function has no alternative providers, or switching to those
   providers is too difficult, its users are "locked in."

   Proprietary protocols and applications are not considered as being
   part of the Internet per se; instead, they are more properly
   characterized as being built on top of the Internet.  The Internet
   architecture and associated standards do not control them, beyond the
   constraints that the underlying protocols (e.g., TCP, IP, HTTP)

Nottingham               Expires 21 August 2023                 [Page 7]
Internet-Draft    Internet Centralization and Standards    February 2023

2.2.2.  Beneficial Centralization

   Some protocols and applications have goals that require
   centralization, because they rely on it to deliver a particular

   Often, this is due to technical necessity.  For example, a single,
   globally coordinated “source of truth” is by nature centralized --
   such as in the Domain Name System (DNS), which allows human-friendly
   naming to be converted into network addresses in a globally
   consistent fashion.

   Or, consider IP addresses allocation.  Internet routing requires
   addresses to be allocated uniquely, but if a single government or
   company were to capture the addressing function, the entire Internet
   would be at risk of abuse by that entity.  The same benefits and
   risks can be seen in the Web's trust model, thanks to the Certificate
   Authority's role in communication between clients and servers

   Protocols that need to solve the "rendezvous problem" to coordinate
   communication between two parties who are not in direct contact also
   exhibit beneficial centralization.  For example, chat protocols need
   to coordinate communication between two parties that wish to talk;
   while the actual communication can be direct between them (so long as
   the protocol facilitates that), the endpoints' mutual discovery
   typically requires a third party at some point.  From the perspective
   of those two users, the rendezvous function is centralized.

   Even when not strictly necessary, centralization can be deployed to
   beneficial ends.  [SCHNEIDERb] notes that "centralized structures can
   have virtues, such as enabling publics to focus their limited
   attention for oversight, or forming a power bloc capable of
   challenging less-accountable blocs that might emerge.  Centralized
   structures that have earned widespread respect in recent centuries –
   including governments, corporations, and nonprofit organizations –
   have done so in no small part because of the intentional design that
   went into those structures."

   For example, when traffic from many users is mixed in a way that
   can't be distinguished, censorship becomes more difficult.  This "too
   big to block" phenomenon drives the design of many recent protocols
   (such as [ECH]), but they require a degree of centralization to meet
   their goals.

   Likewise, when a function requires governance to realize common goals
   and protect minority interests, a "choke point" is naturally formed
   by the chosen governance mechanism, increasing centralization.  For
   example, content moderation functions concentrate decision making to

Nottingham               Expires 21 August 2023                 [Page 8]
Internet-Draft    Internet Centralization and Standards    February 2023

   impose community values.  Complex and risky functions like financial
   services (e.g., credit card processing) can be seen as beneficially
   centralized into relatively few, specialized organizations, where
   they can received the focused attention that they require.

   When beneficial centralization is present, Internet protocols often
   attempt to mitigate the associated risks using measures such as
   federation (see Section 3.1.1) or multi-stakeholder governance (see
   Section 3.1.2).  Protocols that successfully do so are often reused
   to avoid the considerable cost and risk of re-implementing those
   mitigations.  For example, if a protocol requires a coordinated,
   global naming function, reusing the Domain Name System is usually
   preferable to establishing a new system.

   Ultimately, deciding what is beneficial is a judgment call.  Some
   protocols cannot function without a centralized function; others
   might be significantly enhanced for certain use cases if a function
   is centralized, or might merely be more efficient.  Such judgments
   should be made in light of established architectural principles and
   how benefits accrue to end users.

2.2.3.  Concentration

   Even when a function avoids or mitigates other forms of
   centralization, it might become consolidated in practice when
   external factors influence its deployment, so that few or even just
   one entity provides the function.  This document refers to this
   phenomenon as "concentration."  Concentration can be caused by
   economic, legal, social, and even cognitive factors that encourage
   use of a central function despite the absence of such a requirement
   in the protocol itself.

   Concentration is often associated with the network effects that are
   so often seen on the Internet.  While in theory every node on the
   Internet is equal, in practice some nodes are much more connected
   than others: for example, just a few sites drive much of the traffic
   on the Web. While expected and observed in many kinds of networks,
   these effects award asymmetric power to nodes that act as
   intermediaries to communication.  [BARABASI]

   There may be legitimate qualitative reasons for some nodes being
   favoured over others.  However, when it happens because friction
   against using an alternative prevents switching, benefits are accrued
   to services rather than users.  If choosing an alternate provider
   requires a significant amount of time, resources, expertise,
   coordination, loss of functionality, or effort, centralization is

Nottingham               Expires 21 August 2023                 [Page 9]
Internet-Draft    Internet Centralization and Standards    February 2023

   Conversely, a function based on a well-defined, open specification
   designed to minimize switching costs might be considered to have less
   centralization even when users continue to favor large providers,
   because ease of switching creates implicit competitive pressure upon

   For example, social networking is an application that is currently
   supplied by a few proprietary platforms despite standardization
   efforts (see, e.g., [ACTIVITYSTREAMS]), because of the powerful
   network effects associated.  While there has been some competition in
   social networking, the choices that their peers make often restricts
   individual choices, because of the coordination required to move to a
   new service.

   See [ISOC] for a deeper exploration of concentration.

   Concentration is difficult to avoid in protocol design, and federated
   protocols are particularly vulnerable to it (see Section 3.1.1).

2.2.4.  Inherited Centralization

   Most Internet protocols and applications depend on other, "lower-
   layer" functions and their implementations.  The features,
   deployment, and operation of these dependencies can surface
   centralization into functions and applications built "on top" of

   For example, the network between endpoints can introduce this kind of
   centralization to application-layer protocols because it is necessary
   for communication and therefore has power over it.  A network might
   block access to, slow down, or change the content of various
   application protocols or specific services for financial, political,
   operational, or criminal reasons, thereby creating a disincentive (or
   even removing the ability) to use them.  By selectively hindering the
   use of some services but not others, network interventions can be
   composed to aid concentration in those other services --
   intentionally or not.

   Likewise, having only a single implementation of a protocol is a form
   of inherited centralization, because applications that use it are
   vulnerable to the control it has over their operation.  Even Open
   Source projects can exhibit this if there are factors that make
   forking difficult (for example, the cost of maintaining that fork).

Nottingham               Expires 21 August 2023                [Page 10]
Internet-Draft    Internet Centralization and Standards    February 2023

   Inherited centralization surfaces when viable alternatives to these
   dependencies are not available.  It is often present when network
   effects restrict choices, but can also be created by legal mandates
   and incentives that restrict the options for a function (such as
   Internet access), its provision, or the range of implementations

   Alternatively, it might occur due to scarcity.  For example, the
   exhaustion of IPv4 addresses creates a power differential between
   those who have addresses and those who do not, which can affect how
   the protocols that depend on IP connectivity are deployed and used.
   If those addresses are held by only a few consolidation is the
   result, in turn leading to ossification because new applications
   cannot be deployed without their cooperation.

   Some effects of inherited centralization can be mitigated by
   enforcing layer boundaries using techniques like encryption.  When
   the number of parties who have access to content of communication are
   limited, parties at lower layers can be prevented from interfering
   with and observing it.  Although those lower-layer parties might
   still prevent communication, encryption also makes it more difficult
   to discriminate a target from other users' traffic.

   Note that the prohibitive effect of encryption on inherited
   centralization is most pronounced when most (if not all) traffic is
   encrypted.  See also [RFC7258].

2.2.5.  Platform Centralization

   The complement to inherited centralization is platform centralization
   -- where a function does not directly define a central role, but
   could facilitate consolidation in the applications it supports.

   For example, HTTP [HTTP] is not generally considered a centralized
   protocol; interoperable servers are easy to instantiate, and multiple
   clients are available.  It can be used without central coordination
   beyond that provided by DNS, as discussed above.  However,
   applications built on top of HTTP (as well as the rest of the “Web
   Platform”) often exhibit consolidation (for example, social
   networking).  HTTP is therefore an example of platform centralization
   -- while the protocol itself is not centralized, it facilitates the
   creation of consolidated services and applications.

   Like concentration, platform centralization is difficult to prevent
   with protocol design.  Because of the layered nature of the Internet,
   most protocols allow considerable flexibility in how they are used,
   to promote permissionless innovation.

Nottingham               Expires 21 August 2023                [Page 11]
Internet-Draft    Internet Centralization and Standards    February 2023

3.  Decentralization

   While the term "decentralization" has a long history of use in
   economics, politics, religion, and international development, Baran
   gave one of the first definitions relevant to computer networking, as
   a condition when "complete reliance upon a single point is not always
   required."  [BARAN]

   This seemingly straightforward technical definition hides several

   First, identifying which aspects of a function to decentralize and
   how to do so can be difficult, both because there are often many ways
   a function might be centralized, and because consolidation sometimes
   only becomes clear after the function is deployed at scale.  Efforts
   to decentralize often have the effect of merely shifting
   consolidation to a different place.

   For example, a cloud storage function might be implemented using a
   distributed consensus protocol, assuring that the failure of any
   single node will not affect the system's operation or availability.
   In that sense, it is decentralized.  However, if it is operated by a
   single legal entity, that brings a very different kind of
   centralization, especially if there are few other options available,
   or if there is friction against choosing other options.

   Another example is the Web, which was envisioned and widely held to
   be a decentralizing force in its early life.  Its inherent platform
   centralization only became apparent when large sites successfully
   leveraged network effects for dominance of social networking,
   marketplaces, and similar functions.

   Second, different parties might have good-faith differences on what
   "sufficiently decentralized" means based upon their beliefs,
   perceptions and goals.  Just as centralization is a continuum, so is
   decentralization, and not everyone agrees one what the "right" level
   or type is, how to weigh different forms of centralization against
   each other, or how to weigh potential consolidation against other
   architectural goals (such as security or privacy).

   These tensions can be seen, for example, in the DNS.  While much of
   the system is decentralized through the distribution of the lookup
   function to local servers that users have the option to override, the
   DNS is also a name space -- a single, global "source of truth" with
   inherent (if beneficial) centralization in its management.  ICANN
   mitigates the associated risk through multi-stakeholder governance
   (see Section 3.1.2).  While many believe that this arrangement is
   sufficient and might even have desirable qualities (such as the

Nottingham               Expires 21 August 2023                [Page 12]
Internet-Draft    Internet Centralization and Standards    February 2023

   ability to impose community standards over the operation of the name
   space), others reject ICANN's oversight of the DNS as illegitimate,
   favoring decentralization based upon distributed consensus protocols
   rather than multistakeholderism.  [MUSIANI]

   Third, decentralization unavoidably involves adjustments to the power
   relationships between protocol participants, especially when it opens
   up the possibility of consolidation elsewhere.  As Schneider notes in
   [SCHNEIDERb], decentralization "appears to operate as a rhetorical
   strategy that directs attention toward some aspects of a proposed
   social order and away from others", so "we cannot accept technology
   as a substitute for taking social, cultural, and political
   considerations seriously."  Or, as more bluntly stated in [BODO],
   "without governance mechanisms in place, nodes may collude, people
   may lie to each other, markets can be rigged, and there can be
   significant cost to people entering and exiting markets."

   For example, while blockchain-based cryptocurrencies might address
   the consolidation inherent in traditional currencies through
   technical means, the concentration of power that many exhibit in
   terms of voting/mining power, distribution of funds, and diversity of
   codebase causes some to question how decentralized they actually are.
   [AREWEDECENTRALIZEDYET] The lack of formal structures brings an
   opportunity for latent, informal power structures that have their own
   risks -- including consolidation.  [FREEMAN]

   In practice, this means that decentralizing a function requires
   considerable work, is inherently political, and involves a large
   degree of uncertainty about the outcome.  In particular, if one
   considers decentralization as a larger social goal (in the spirit of
   how the term is used in other, non-computing contexts), merely
   rearranging technical functions may lead to frustration.  "A
   distributed network does not automatically yield an egalitarian,
   equitable or just social, economic, political landscape."  [BODO]

3.1.  Decentralization Techniques

   Over time, a few different techniques have been used to facilitate
   decentralization of Internet protocols.  The subsection below examine
   some of these techniques, along with their limitations.

   None of them is a panacea; it is not possible to completely remove
   all forms of centralization from protocols that, at their heart,
   require agreement between multiple parties.  However, when performed
   properly, decentralization might produce an outcome where that risk
   is understood, acceptable, and, where possible and appropriate,

Nottingham               Expires 21 August 2023                [Page 13]
Internet-Draft    Internet Centralization and Standards    February 2023

   There is also no "correct" way to decentralize; it does not require
   that provision of a function need be distributed in a particular
   fashion, or to a particular degree.  For example, the Domain Name
   System [RFC1035] is widely agreed to have an acceptable form of
   centralization, despite it being provided by a limited set of

3.1.1.  Federation

   A common technique for addressing centralization in Internet
   protocols is federation -- designing them in such a way that new
   instances of a function are easy to create and can maintain
   interoperability and connectivity with other instances.

   For example, SMTP [RFC5321] is the basis of the e-mail suite of
   protocols, which has two functions that exhibit centralization:

   1.  Giving each user a globally unique address, and

   2.  Routing messages to the user, even when they change network
       locations or become disconnected for long periods of time.

   E-mail reuses DNS to help mitigate the first.  To mitigate the
   second, it defines a specific role for routing users' messages, the
   Message Transfer Agent (MTA).  By allowing anyone to deploy an MTA
   and defining rules for interconnecting them, the protocol's users
   avoid a requirement for a single central router.

   Users can (and often do) choose to delegate that role to someone
   else, or run their own MTA.  However, many now consider running a
   personal MTA to be impractical because of the likelihood of a small
   MTA being classified as a spam source.  Because large MTA operators
   are widely known and have greater impact if their operation is
   affected, they are less likely to be classified as such,
   concentrating the protocol’s operation (see Section 2.2.3).

   Another example of a federated Internet protocol is XMPP [RFC6120],
   supporting "instant messaging" and similar functionality.  Like
   e-mail, it reuses DNS for naming and requires federation to
   facilitate rendezvous of users from different systems.

   While some deployments of XMPP do support truly federated messaging
   (i.e., a person using service A can interoperably chat with someone
   using service B), many of the largest do not.  Because federation is
   voluntary, some operators captured their users into a single service,
   denying them the benefits of global interoperability.

Nottingham               Expires 21 August 2023                [Page 14]
Internet-Draft    Internet Centralization and Standards    February 2023

   The examples above illustrate that, while federation can be a useful
   technique for avoiding proprietary centralization and managing
   beneficial centralization, it does not prevent concentration or
   platform centralization.  If a single entity can capture the value
   provided by a protocol, it may use the protocol as a platform to get
   a “winner take all” outcome -- a significant risk with many Internet
   protocols, since network effects often promote such outcomes.
   Likewise, external factors (such as spam control) might naturally
   “tilt the table” towards a few operators.

3.1.2.  Multi-Stakeholder Governance

   Protocol designers sometime attempt to mitigate beneficial
   centralization (see Section 2.2.2) by delegating that function's
   governance to a multi-stakeholder body -- an institution that
   includes representatives of the different kinds of parties that are
   affected by the system's operation ("stakeholders") in an attempt to
   make well-reasoned, legitimate, and authoritative decisions.

   The most widely studied example of this technique is the governance
   of the DNS name space, which as a “single source of truth” exhibits
   beneficial centralization.  The associated risk is managed through
   administration by the Internet Corporation for Assigned Names and
   Numbers (ICANN) (
   governance-en), a global multi-stakeholder body with representation
   from end users, governments, operators, and others.

   Another example is the governance of the Web's trust model,
   implemented by Web browsers as relying parties and Certificate
   Authorities as trust anchors.  To promote the operational and
   security requirements necessary to provide the desired properties,
   the CA/Browser Forum ( was established as an
   oversight body that involves both parties as stakeholders.

   Yet another example of multi-stakeholderism is the standardization of
   Internet protocols themselves.  Because a specification controls
   implementation behavior, the standardization process can be seen as a
   single point of control.  As a result, Internet standards bodies like
   the IETF allow open participation and contribution, make decisions in
   an open and accountable way, have a well-defined process for making
   (and when necessary, appealing) decisions, considering the views of
   different stakeholder groups [RFC8890].

Nottingham               Expires 21 August 2023                [Page 15]
Internet-Draft    Internet Centralization and Standards    February 2023

   A major downside of this approach is that setup and ongoing operation
   of multi-stakeholder bodies is not trivial.  Additionally, their
   legitimacy cannot be assumed, and may be difficult to establish and
   maintain (see, e.g., [PALLADINO]).  This concern is especially
   relevant if the function being coordinated is broad, complex, and/or

3.1.3.  Distributed Consensus

   Increasingly, distributed consensus technologies (such as the
   blockchain) are touted as a solution to consolidation issues.  A
   complete survey of this rapidly changing area is beyond the scope of
   this document, but we can generalize about its properties.

   These techniques attempt to avoid centralization by distributing
   functions to members of a sometimes large pool of protocol
   participants.  They typically guarantee proper performance of a
   function using cryptographic techniques (often, an append-only
   transaction ledger).  A particular task's assignment to a node for
   handling usually cannot be predicted or controlled.

   Sybil attacks (where a party or coordinated parties cheaply create
   enough protocol participants to affect how consensus is judged) are a
   major concern for these protocols.  They encourage diversity in the
   pool of participants using indirect techniques, such as proof-of-work
   (where each participant has to show significant consumption of
   resources) or proof-of-stake (where each participant has some other
   incentive to execute correctly).

   Use of these techniques can create barriers to proprietary and
   inherited centralization.  However, depending upon the application in
   question, both concentration and platform centralization are still

   Furthermore, a protocol or an application can use distributed
   consensus for some functions, but still be centralized elsewhere --
   either because those functions cannot be decentralized (most
   commonly, rendezvous and global naming; see Section 2.2.2) or because
   the designer has chosen not to because of the associated costs and
   lost opportunities.

Nottingham               Expires 21 August 2023                [Page 16]
Internet-Draft    Internet Centralization and Standards    February 2023

   Even when distributed consensus is used for all technical functions
   of a service, some coordination is still necessary -- whether that be
   through governance of the function itself, creation of shared
   implementations, or documentation of shared wire protocols.  That
   represents centralization, just at a different layer (inherited or
   platform).  For example, the Ethereum "merge" demonstrated that the
   blockchain could address environmental concerns, but only through
   coordinated community effort and governance.  [ETHEREUM]

   These potential shortcomings do not rule out the use of distributed
   consensus technologies in every instance.  They do, however, caution
   against uncritically relying upon these technologies to avoid or
   mitigate centralization.

4.  What Should Internet Standards Do?

   Centralization is driven by powerful forces -- both economic and
   social -- as well as the network effects that come with Internet
   scale.  Bodies like the IETF create voluntary standards; they cannot
   require adoption, but when a specification succeeds it creates those
   very network effects.  As such, standards bodies cannot prevent all
   forms of consolidation, but they can still take meaningful steps to
   prevent some of them.  The subsections below suggest a few.

4.1.  Bolster Legitimacy

   Many efforts to address Internet consolidation are likely to take
   place outside of standards bodies.  If the IETF wishes to contribute
   to these efforts and assure their compatibility with the Internet's
   architectural goals, it must be seen as legitimate by the relevant
   parties -- especially, by competition regulators.  Otherwise, if the
   IETF is perceived as representing or being controlled by "big tech"
   concerns, its ability to guide decisions that affect the Internet
   will be diminished considerably.

   The IETF already has features that arguably provide considerable
   legitimacy; for example, open participation and representation by
   individuals rather than companies both enhance input legitimacy; a
   well-defined process with multiple layers of appeals and transparency
   contributes to throughput legitimacy, and a long history of
   successful Internet standards provides perhaps the strongest source
   of legitimacy for the IETF -- its output.

Nottingham               Expires 21 August 2023                [Page 17]
Internet-Draft    Internet Centralization and Standards    February 2023

   However, it is also widely recognized the considerable costs (not
   just financial) involved in successfully participating in the IETF
   have a tendency to favour larger companies over smaller concerns.
   Likewise, the specialised and highly technical nature of the work
   creates barriers to entry for non-technical stakeholders.  These
   factors have the potential to reduce the legitimacy of the IETF's
   decisions, at least in some eyes.

   Efforts to address these shortcomings are ongoing; see, for example,
   [RFC8890].  Overall, bolstering the legitimacy of the organization
   should be seen as a continuous effort.

4.2.  Engage with Centralization Thoroughly but Realistically

   Some kinds of centralization are easy to manage in standards efforts.
   For example, if a protocol with a fixed role for a single party were
   to be proposed to the IETF for publication as a standard, it would be
   rejected out of hand.  There is a growing body of knowledge and
   experience in managing the risks of beneficial centralization, and a
   strong inclination to reuse existing infrastructure where possible.
   As discussed above, encryption is often a way to manage inherited
   centralization, and has become the norm in standard protocols.  These
   responses are appropriate ways for Internet standards to manage

   However, mitigating concentration and platform centralization is much
   more difficult in standards efforts.  Because the IETF has no
   "protocol police", it’s not possible to demand, for example, that
   someone stop building a proprietary service using a federated
   protocol; even if it could, doing so would contradict architectural
   goals like permissionless innovation.  While the imprimatur of an
   Internet Standard is not without value, merely withholding it cannot
   prevent these sources of consolidation.

   Therefore, committing significant resources to scrutinizing protocols
   for latent centralization -- especially for concentration and
   platform centralization -- is unlikely to be effective in preventing
   Internet consolidation.  Almost all existing Internet protocols --
   including IP, TCP, HTTP, and DNS -- exhibit concentration or platform
   centralization.  Refusing to standardize a newer protocol because it
   exhibits similar properties would not be equitable, proportionate, or

   When claims are made that a given proposal is "centralized" or
   "decentralized", the context of those statements should be examined
   for presuppositions, assumptions, and omissions.  One framework for
   critical interrogations is offered by [BACCHI], which can be adapted
   for centralization-related discussions:

Nottingham               Expires 21 August 2023                [Page 18]
Internet-Draft    Internet Centralization and Standards    February 2023

   1.  What is the nature of the centralization that is represented as
       being problematic?

   2.  What deep-seated presuppositions or assumptions (conceptual
       logics) underlie this representation of the "problem"?

   3.  How has this representation of the problem come about?

   4.  What is left unproblematic in this problem representation?  Where
       are the silences?  Can the "problem" be conceptualized

   5.  What effects are produced by this representation of the

   6.  How and where has this representation of the "problem" been
       produced, disseminated and defended?  How has it been and/or how
       can it be disrupted and replaced?

   [SCHNEIDERa] implores that proposals to decentralize be "really,
   really clear about what particular features of a system a given
   design seeks to decentralize" and promotes borrowing remedies from
   more traditional governance systems, such as separation of powers and

   When centralization is found, standards efforts should consider its
   relationship with architectural goals as they consider how to address
   it.  In particular, attention should be paid to how effective
   standards (as a form of architectural control) is in achieving each

   For example, privacy is often more effectively ensured by ex ante
   technical constraints, as compared to ex post legal regulation.
   Conversely (as discussed) some centralization may be more effectively
   addressed through legal regulation.  Thus, a standards effort
   balancing these concerns might focus primarily on privacy.  However,
   these are often not completely separable goals.  Concentration can
   result in one or a few entities having greater volume and variety of
   data available exclusively to them, raising significant privacy and
   security concerns.

4.3.  Decentralize Proprietary Functions

   It is worthwhile to create specifications for functions that are
   currently only available from proprietary providers.  Open standards
   can provide a viable alternative to a consolidated function.

Nottingham               Expires 21 August 2023                [Page 19]
Internet-Draft    Internet Centralization and Standards    February 2023

   Such efforts might include large-scale protocols for existing
   proprietary functions (e.g., chat) as well as smaller efforts to
   improve interoperability and portability of specific features that
   are often used to "lock in" users to a platform; for example, a
   format for lists of contacts in a social network.

   A common objection to this approach is that adoption is voluntary,
   not mandatory; there are no "standards police" to mandate their use
   or enforce correct implementation.  For example, specifications like
   [ACTIVITYSTREAMS]) have been available for some time without being
   used in a federated manner by commercial social networking providers.

   However, while standards aren't mandatory, legal regulation is, and
   legal mandates for interoperability are increasingly discussed by
   policymakers as a remedy for competition issues (see, e.g., [OECD]).

   As such, appetite for regulation presents an opportunity for new
   specifications to decentralize these functions, backed by a legal
   mandate in combination with changing norms and the resulting market
   forces [LESSIG].  That opportunity also presents a risk, however, if
   the resulting legal regulation is at odds with the Internet

   Successfully creating standards that work in concert with legal
   regulation presents many potential pitfalls, and will require
   improved and new capabilities (especially liaison, likely originating
   in the IAB), and considerable effort.  If the Internet community does
   not make that effort, it is likely that regulators will turn to other
   sources of interoperability specifications -- most likely, with less
   transparency, more narrow input, limited experience, and without
   reference to the Internet’s architectural goals.

4.4.  Evaluate New Decentralization Techniques

   The decentralization techniques listed in Section 3.1 are not a
   closed set; wide interest has spurred development of new approaches,
   both in general and as solutions to specific problems.

   For example, secure multi-party computation techniques (see, e.g.,
   [YAO]) can be composed to allow parties to compute over private
   inputs without revealing them.  Protocols like [ENPA] and [PRIO] use
   them to limit the information available to participants in protocols
   to realize privacy goals; as discussed in Section 4.6 doing so might
   also counteract some sources of centralization.  However, as with
   those covered above, these techniques do not automatically preclude
   all consolidation; such systems often still require trust, even if it
   is limited, and that might result in other forms of consolidation

Nottingham               Expires 21 August 2023                [Page 20]
Internet-Draft    Internet Centralization and Standards    February 2023

   Whether use of these techniques (or others) can meaningfully
   counteract consolidation is still uncertain.  Standards bodies
   (including the IETF) can serve an important function by incubating
   them, applying (and, where necessary, developing) architectural
   guidelines for privacy, security, operability, and other goals, and
   assuring interoperability.  When appropriate, publication on the
   standards track or as experimental can send signals to implementers,
   users, and regulators about their fitness for particular purposes.

4.5.  Enable Switching

   To minimize centralization, standards-defined functions should have
   an explicit goal enabling users' switching between implementations
   and deployments of protocols.

   One necessary condition for this is the availability of alternatives;
   breadth and diversity of implementation and deployment are required.
   Section 2.1 of [RFC5218] explores some factors in protocol design
   that encourage this outcome.

   Another factor is the cost of substituting an alternative
   implementation or deployment by users.  This implies that the
   standard needs to be functionally complete and specified precisely
   enough to allow substitution.

   These goals of completeness and diversity are sometimes in tension.
   If a standard becomes extremely complex, it may discourage
   implementation diversity because the cost of a complete
   implementation is too high (consider: Web browsers).  On the other
   hand, if the specification is too simple, it may not enable easy
   switching, especially if proprietary extensions are necessary to
   complete it (see Section 4.7).

   One objection to protocols that enable easy switching is that they
   reduce the incentives for implementation by commercial vendors.
   While a completely commoditized protocol might not allow
   implementations to differentiate themselves, they provide
   opportunities for specialization and improvement elsewhere in the
   value chain [CHRISTENSEN].  Well-timed standards efforts leverage
   these forces to focus proprietary interests on top of open
   technology, rather than as a replacement for it.

4.6.  Control Delegation of Power

   Some functions might see substantial benefits if they are provided by
   a third party in communication.  Adding a new party to communication
   can improve:

Nottingham               Expires 21 August 2023                [Page 21]
Internet-Draft    Internet Centralization and Standards    February 2023

   *  _Efficiency_: Many functions on the Internet are more efficient
      when performed at a higher scale.  For example, a content delivery
      network can offer services at a fraction of the financial and
      environmental cost that someone serving content themselves would
      otherwise pay, because of the scale they operate at.  Likewise, a
      two-sided market platform can introduce sizeable efficiencies over
      pair-wise buyer/seller trading [SPULBER].

   *  _Simplicity_: Completely disintermediating communication can shift
      the burden of functions onto endpoints.  This can cause increased
      cognitive load for users; for example, compare commercial social
      networking platforms with self-hosted efforts.

   *  _Specialization_: Having a function concentrated into a few hands
      can improve outcomes because of the resulting specialization.  For
      example, services overseen by professional administrators are
      often seen to have a better security posture and improved

   *  _Privacy_: For some functions, user privacy can be improved by
      concentrating their activity to prevent individual behaviors from
      being discriminated from each other.[CHAUM] Introduction of a
      third party can also enforce functional boundaries -- for example,
      to reduce the need for users to trust potentially malicious
      endpoints, as seen in the so-called "oblivious" protocols (e.g.,
      [RFC9230]) that allow end users to hide their identity from
      services, while still accessing them.

   However, introducing a new party to communication adds concentration
   and platform centralization to Internet functions, because it brings
   opportunities for control and observation.  While (as discussed
   above) standards efforts have a very limited capability to prevent or
   control the resulting consolidation, designing functions with
   thoughtful constraints on third party functions can prevent at least
   the most egregious outcomes.

   Most often, third parties are added to functions as "intermediaries"
   or in designated "agent" roles.  In general, they should only be
   interposed because of the positive action of at least one of the
   primary parties, and should have their ability to observe or control
   communication limited to what is necessary to perform their intended

   For example, early deployments of HTTP allowed intermediaries to be
   interposed by the network without knowledge of the endpoints, and
   those intermediaries could see and change the full content of traffic
   by default -- even when they are only intended to perform basic
   functions such as caching.  Because of the introduction of HTTPS and

Nottingham               Expires 21 August 2023                [Page 22]
Internet-Draft    Internet Centralization and Standards    February 2023

   the CONNECT method (see Section 9.3.6 of [HTTP]), combined with
   efforts to encourage its adoption, those intermediaries are now
   required to be explicitly interposed by one endpoint.

   See [I-D.thomson-tmi] for more guidance on protocol intermediation.

   The term "intermediary" is also used (often in legal and regulatory
   contexts) more broadly than it has been in protocol design; for
   example, an auction Web site intermediates between buyers and sellers
   is considered an intermediary, even though it is not formally an
   intermediary in HTTP (see Section 3.7 of [HTTP]).  Protocol designers
   can address the centralization associated with this kind of
   intermediation by standardising the function, rather than restricting
   the capabilities of the underlying protocols; see Section 4.3.

4.7.  Consider Extensibility and Modularity Carefully

   The Internet's ability to evolve is critical, allowing it to meet new
   requirements and adapt to new conditions without requiring a “flag
   day” to upgrade implementations.  Typically, functions accommodate
   evolution by defining extension interfaces, which allow optional
   features to be added or change over time in an interoperable fashion.

   However, these interfaces can also be a basis for platform
   centralization if a powerful entity can change the target for
   meaningful interoperability by adding proprietary extensions to a
   standard.  This is especially true when the core standard does not
   itself provide sufficient utility on its own.

   For example, the SOAP protocol's [SOAP] extreme flexibility and
   failure to provide significant standalone value allowed vendors to
   require use of their preferred extensions, favoring those who had
   more market power.

   Therefore, standards efforts should focus on providing concrete
   utility to the majority of their users as published, rather than
   being a “framework” where interoperability is not immediately
   available.  Internet functions should not make every aspect of their
   operation extensible; boundaries between modules should be designed
   in a way that allows evolution and discourages consolidation, while
   still offering meaningful functionality.

   Beyond allowing evolution, well-considered interfaces can also aid
   decentralization efforts.  The structural boundaries that emerge
   between the sub-modules of the function -- as well as those with
   adjacent functions -- provide touchpoints for interoperability and an
   opportunity for substitution of providers.

Nottingham               Expires 21 August 2023                [Page 23]
Internet-Draft    Internet Centralization and Standards    February 2023

   In particular, if the interfaces of a function are well-defined and
   stable, there is an opportunity to use different providers for that
   function.  When those interfaces are open standards, change control
   resides with the Internet community instead of remaining in
   proprietary hands, further enhancing stability and enabling (but not
   ensuring) decentralization.

5.  Security Considerations

   This document does not have a direct security impact on Internet
   protocols.  However, failure to consider centralization might cause a
   myriad of security issues.

6.  Informative References

              Abrahamson, Z., "Essential Data", Yale Law Journal, Vol.
              124, No. 3, 2014,

              Prodromou, E., Ed. and J. Snell, Ed., "Activity Streams
              2.0", W3C CR CR-activitystreams-core-20161215, W3C CR-
              activitystreams-core-20161215, 15 December 2016,

   [ALIGIA]   Aligia, P. D. and V. Tarko, "Polycentricity: From Polanyi
              to Ostrom, and Beyond", Governance: An International
              Journal of Policy, Administration, and Institutions, Vol.
              25, No. 2, p. 237, April 2012,

              bitcoinera, "Are We Decentralized Yet?", 2022,

   [BACCHI]   Bacchi, C., "Introducing the ‘What’s the Problem
              Represented to be?’ approach", Chapter 2, Engaging with
              Carol Bacchi, 2012, <

   [BARABASI] Albert, R., "Emergence of Scaling in Random Networks",
              SCIENCE, Vol. 286, No. 15, p. 509, October 1999,

Nottingham               Expires 21 August 2023                [Page 24]
Internet-Draft    Internet Centralization and Standards    February 2023

   [BARAN]    Baran, P., "On Distributed Communications: Introduction to
              Distributed Communications Networks", 1964,

   [BCP95]    Alvestrand, H., "A Mission Statement for the IETF",
              BCP 95, RFC 3935, October 2004.

   [BODO]     Bodó, B., Brekke, J. K., and J.-H. Hoepman,
              "Decentralization: a multidisciplinary perspective",
              Internet Policy Review, Vol. 10, No. 2, June 2021,

   [CHAUM]    Chaum, D. L., "Untraceable Electronic Mail, Return
              Addresses, and Digital Pseudonyms", Communications of the
              ACM, Vol. 24, No. 2, February 1981,

              Christensen, C., "The Law of Conservation of Attractive
              Profits", Harvard Business Review, "Breakthrough Ideas for
              2004", February 2004.

   [ECH]      Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS
              Encrypted Client Hello", Work in Progress, Internet-Draft,
              draft-ietf-tls-esni-15, 3 October 2022,

   [ENPA]     Apple and Google, "Exposure Notification Privacy-
              preserving Analytics (ENPA) White Paper", April 2021,

   [ETHEREUM] Ethereum, "The Merge", February 2023,

   [FARRELL]  Farrell, H. and A. L. Newman, "Weaponized Interdependence:
              How Global Economic Networks Shape State Coercion",
              International Security, Vol. 44, No. 1, p. 42, 2019,

   [FREEMAN]  Freeman, J., "The Tyranny of Structurelessness", Berkeley
              Journal of Sociology, Vol. 17, 1972,

Nottingham               Expires 21 August 2023                [Page 25]
Internet-Draft    Internet Centralization and Standards    February 2023

   [HTTP]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "HTTP Semantics", STD 97, RFC 9110,
              DOI 10.17487/RFC9110, June 2022,

              Thomson, M., "Principles for the Involvement of
              Intermediaries in Internet Protocols", Work in Progress,
              Internet-Draft, draft-thomson-tmi-04, 8 September 2022,

   [ISOC]     Internet Society, "Consolidation in the Internet Economy",
              Internet Society Global Internet Report, 2019,

   [JUDGE]    Judge, K., "Intermediary Influence", University of Chicago
              Law Review, Vol. 82, p. 573, 2014,

   [KENDE]    Kende, M., Kvalbein, A., Allford, J., and D. Abecassis,
              "Study on the Internet's Technical Success Factors",
              December 2021, <

   [LESSIG]   Lessig, L., "The New Chicago School", Journal of Legal
              Studies, Vol. 27, June 1998,

   [MADISON]  Madison, J., "The Structure of the Government Must Furnish
              the Proper Checks and Balances Between the Different
              Departments", The Federalist Papers, No. 51, February

   [MOXIE]    Marlinspike, M., "Reflections: The ecosystem is moving",
              May 2016,

   [MUSIANI]  Musiani, F., "Alternative Technologies as Alternative
              Institutions: The Case of the Domain Name System", The
              Turn to Infrastructure in Internet Governance, 2016,

Nottingham               Expires 21 August 2023                [Page 26]
Internet-Draft    Internet Centralization and Standards    February 2023

   [OECD]     OECD, "Data portability, interoperability and digital
              platform competition", June 2021,

   [OLUMOFIN] Olumofin, F. and I. Goldberg, "Revisiting the
              Computational Practicality of Private Information
              Retrieval", 2010, <

              Palladino, N. and N. Santaniello, "Legitimacy, Power, and
              Inequalities in the Multistakeholder Internet Governance",
              2020, <

   [PRIO]     Corrigan-Gibbs, H. and D. Boneh, "Prio: Private, Robust,
              and Scalable Computation of Aggregate Statistics", March
              2017, <>.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
              November 1987, <>.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006,

   [RFC5218]  Thaler, D. and B. Aboba, "What Makes for a Successful
              Protocol?", RFC 5218, DOI 10.17487/RFC5218, July 2008,

   [RFC5321]  Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
              DOI 10.17487/RFC5321, October 2008,

   [RFC6120]  Saint-Andre, P., "Extensible Messaging and Presence
              Protocol (XMPP): Core", RFC 6120, DOI 10.17487/RFC6120,
              March 2011, <>.

   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
              2014, <>.

Nottingham               Expires 21 August 2023                [Page 27]
Internet-Draft    Internet Centralization and Standards    February 2023

   [RFC791]   Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981,

   [RFC793]   Postel, J., "Transmission Control Protocol", RFC 793,
              DOI 10.17487/RFC0793, September 1981,

   [RFC8890]  Nottingham, M., "The Internet is for End Users", RFC 8890,
              DOI 10.17487/RFC8890, August 2020,

   [RFC9230]  Kinnear, E., McManus, P., Pauly, T., Verma, T., and C.A.
              Wood, "Oblivious DNS over HTTPS", RFC 9230,
              DOI 10.17487/RFC9230, June 2022,

              Schneider, N., "What to do once you admit that
              decentralizing everything never seems to work", Hacker
              Noon, October 2022,

              Schneider, N., "Decentralization: an incomplete ambition",
              Journal of Cultural Economy, Vol. 12, No. 4, 2019,

   [SOAP]     Mitra, N., Ed. and Y. Lafon, Ed., "SOAP Version 1.2 Part
              0: Primer (Second Edition)", W3C REC REC-
              soap12-part0-20070427, W3C REC-soap12-part0-20070427, 27
              April 2007,

   [SPULBER]  Spulber, D. F., "Solving The Circular Conundrum:
              Communication And Coordination In Internet Markets",
              Northwestern University Law Review, Vol. 104, No. 2, 2010,

   [YAO]      Yao, A. C., "Protocols for secure computations", SFCS '82,
              November 1982,

Nottingham               Expires 21 August 2023                [Page 28]
Internet-Draft    Internet Centralization and Standards    February 2023

Appendix A.  Acknowledgements

   This document benefits from discussions with Brian Trammell during
   our shared time on the Internet Architecture Board.

   Thanks to Jari Arkko, Kristin Berdan, Christian Huitema, Mallory
   Knodel, Eliot Lear, Tommy Pauly, and Martin Thomson for their
   comments and suggestions.

   No machine learning models were used in the production of this

Author's Address

   Mark Nottingham

Nottingham               Expires 21 August 2023                [Page 29]