[Cryptography] Dark Mail Alliance specs?

[Bear]

On Wed, 2014-03-26 at 18:30 -0400, Jerry Leichter wrote:

> There is absolutely no reason why the owner's and user's security
> interests will be the same.  They almost never will be.  *But this is
> exactly why we have contract law.*

> If I rent a car, the car owner retains ownership, and from his point of
> view, the best thing would be for the car to sit in a well-guarded,
> climate-controlled parking lot 24x7.  ... 

It's true, I trust cloud server companies less than I trust car rental 
companies.  But there's a good reason for that.  Cloud server companies 
are effectively immune to contract law with respect to user-oriented 
security of the machines.

There is no risk, from my point of view, that the car is not doing what 
I want it to.  As a human being actually driving it, I can see where I 
am and I can tell that the car is responding to the controls, etc. 

Similarly, when I rent cloud servers, I can tell that network requests 
are being served, that compute jobs are getting done, and that all the 
positive results I want are actually happening.  

But security is a negative result. If you want to demonstrate security 
you want to show that something *didn't* happen, and that is much much 
more difficult. I don't know whether the cloud machine I rented is 
secure in my interests as a user or just a VM sitting there logging 
all the packets and memory writes, until suddenly I'm seeing my
customers' credit card details being sold at black hat sites.  

Because the machine owners can in principle break the machine users' 
security with impunity, with no evidence visible to the user, and 
then later deny all knowledge of how that customer database got out
there, I'm never going to be able to prove it if the security of 
the cloud fails me.  In the absence of a reliable way to have 
evidence of breach of contract, any reliance on contract law is 
likely to be long drawn out, expensive, and ultimately fruitless.

				Bear