[Cryptography] Dark Mail Alliance specs?

Jerry Leichter leichter at lrw.com
Wed Mar 26 18:30:35 EDT 2014


On Mar 26, 2014, at 3:56 PM, Bear <bear at sonic.net> wrote:
> If the machines in a cloud are secure, that means that they 
> do exactly what their owners want and intend them to.  
> 
> The problem arises because the users are not the owners.
...which is the way things are in essentially all large-scale settings.  It's easy to say that "GE" - to pick the name of a large company at random - owns all the machines in all its data centers, but in fact the "ownership" is complicated, because machines may be assigned for use by particular groups which have their own security policies, which somehow have to mesh with the policies of their super-organizations all the way up to GE the corporation.  And even that ignores cross-cutting concerns like corporate mandates that an auditing organization has access.

And what if the machines are on GE's property but are actually leased from someone else?

Your definition of "secure", while it sounds nice, just doesn't cover much beyond personally owned machines.

> Without some very strong reason to trust that the owners' 
> security interests are in fact the users' security interests 
> there is no reason to even consider security on such machines
> to be an advantage for the user.
There is absolutely no reason why the owner's and user's security interests will be the same.  They almost never will be.  *But this is exactly why we have contract law.*

If I rent a car, the car owner retains ownership, and from his point of view, the best thing would be for the car to sit in a well-guarded, climate-controlled parking lot 24x7.  But I'm not about to pay to rent a car under terms that satisfy the car owner's best interests; I pay in order to satisfy *my* best interests.  So I and the car owner agree on what I'm allowed to do ("drive the car in this and the two adjacent states; carry insurance that will make the owner whole should I wreck the car"), and what I'm not allowed to do (drive in the desert; do damage to the car and not pay to get it fixed).  To compensate for the car owner not getting his best interests served, he gets some money.

It's no different with cloud servers.  Either you can agree on a contract that satisfies both parties along all the relevant dimensions, including security; or you can't.  Yes, you have to place additional trust that the provider will actually live up to that contract - but that's what legal systems are all about.    

                                                        -- Jerry
