The regulation is intended to encourage a stable equilibrium among labs that may willingly follow that regulation for profit-motivated reasons.
Extreme threat modeling doesn’t suggest ruling out plans that fail against almighty adversaries, it suggests using security mindset: reduce unnecessary load-bearing assumptions in the story you tell about why your system is secure. The proposal is mostly relying on standard cryptographic assumptions, and doesn’t seem likely to do worse in expectation than no regulation.
The regulation is intended to encourage a stable equilibrium among labs that may willingly follow that regulation for profit-motivated reasons.
Extreme threat modeling doesn’t suggest ruling out plans that fail against almighty adversaries, it suggests using security mindset: reduce unnecessary load-bearing assumptions in the story you tell about why your system is secure. The proposal is mostly relying on standard cryptographic assumptions, and doesn’t seem likely to do worse in expectation than no regulation.