[Cryptography] Dark Mail Alliance specs?
bear at sonic.net
Wed Mar 26 19:59:22 EDT 2014

On Wed, 2014-03-26 at 18:30 -0400, Jerry Leichter wrote:
> There is absolutely no reason why the owner's and user's security
> interests will be the same. They almost never will be. *But this is
> exactly why we have contract law.*
> If I rent a car, the car owner retains ownership, and from his point of
> view, the best thing would be for the car to sit in a well-guarded,
> climate-controlled parking lot 24x7. ...

It's true, I trust cloud server companies less than I trust car rental
companies. But there's a good reason for that. Cloud server companies
are effectively immune to contract law with respect to user-oriented
security of the machines.

There is no risk, from my point of view, that the car is not doing what
I want it to. As a human being actually driving it, I can see where I
am and I can tell that the car is responding to the controls, etc.

Similarly, when I rent cloud servers, I can tell that network requests
are being served, that compute jobs are getting done, and that all the
positive results I want are actually happening.

But security is a negative result. If you want to demonstrate security,
you want to show that something *didn't* happen, and that is much, much
more difficult. I don't know whether the cloud machine I rented is
secure in my interests as a user or just a VM sitting there logging
all the packets and memory writes, until suddenly I'm seeing my
customers' credit card details being sold at black hat sites.

Because the machine owners can in principle break the machine users'
security with impunity, with no evidence visible to the user, and
then later deny all knowledge of how that customer database got out
there, I'm never going to be able to prove it if the security of
the cloud fails me. In the absence of a reliable way to have
evidence of breach of contract, any reliance on contract law is
likely to be long drawn out, expensive, and ultimately fruitless.