[IANAtransition] what's the threat model?
jcurran at istaff.org
Wed Apr 23 14:12:43 UTC 2014
On Apr 23, 2014, at 9:52 AM, Miles Fidelman <mfidelman at meetinghouse.net> wrote:
> It occurs to me, that in all the talk about accountability and multistakeholder governance, I've seen very little discussion of anything resembling a list of what we're trying to protect against. Yes, those are good things, but they're awfully nebulous - they generate lots of discussion, but not a lot of clarity. Which suggests that maybe we need to look at things from a different angle.
> We're talking about a registry function - and one that's rather similar to other registry functions (telephone number spaces, bank card numbers, ethernet MAC addresses, phone number portability, trademarks, etc., etc.). There are lots of registries in the world, and multiple models: quasi-governmental (e.g., ITU), voluntary standards organization w/ separate registry (e.g., ISO/ANSI for bank card identifiers), single voluntary organization (IEEE for lots of things) - and they all seem to do the job.
> Which raises the question: Why do we really care? NTIA pulls out, the chips will fall somewhere, things will probably keep "working," and most people won't notice that anything has changed.
> So... What threats are we actually worried about? What kinds of things can go wrong? Are there examples of registry failures that anyone can point to and say "we need to prevent <this> from happening?"
Steve DelBianco wrote a nice post regarding programmers and "use cases"; it
poses several potential scenarios that might be worthy of consideration -
Disclaimer: My views alone.