[IANAtransition] what's the threat model?
mfidelman at meetinghouse.net
Wed Apr 23 12:52:20 UTC 2014
It occurs to me, that in all the talk about accountability and
multistakeholder governance, I've seen very little discussion of
anything resembling a list of what we're trying to protect against. Yes,
those are good things, but they're awfully nebulous - they generate lots
of discussion, but not a lot of clarity. Which suggests that maybe we
need to look at things from a different angle.
We're talking about a registry function - and one that's rather similar
to other registry functions (telephone number spaces, bank card numbers,
ethernet MAC addresses, phone number portability, trademarks, etc.,
etc.). There are lots of registries in the world, and multiple models:
quasi-governmental (e.g., ITU), voluntary standards organization w/
separate registry (e.g., ISO/ANSI for bank card identifiers), single
voluntary organization (IEEE for lots of things) - and they all seem to
do the job.
Which raises the question: Why do we really care? NTIA pulls out, the
chips will fall somewhere, things will probably keep "working," and most
people won't notice that anything has changed.
So... What threats are we actually worried about? What kinds of things
can go wrong? Are there examples of registry failures that anyone can
point to and say "we need to prevent <this> from happening?"
More information about the ianatransition