[Cryptography] Dark Mail Alliance specs?
Bear
bear at sonic.net
Thu Mar 27 13:34:00 EDT 2014
On Thu, 2014-03-27 at 12:22 +0100, Ralf Senderek wrote:
> > Because the machine owners can in principle break the machine users'
> > security with impunity, with no evidence visible to the user, and
> > then later deny all knowledge of how that customer database got out
> > there, I'm never going to be able to prove it if the security of
> > the cloud fails me.
>
> That's true if you assume that root access and invisible modification
> of crucial software is possible. Otherwise there is evidence.
I do assume that. I can set up a virtual machine in userspace and give
someone root access to that virtual machine at any moment. And while
they have root access, I can still go in and commit live edits to their
running image, invisibly modifying crucial software on their virtual
disk, performing actions that ought to require 'root' while leaving
no logfile traces, etc. Doing this doesn't even require me to have
root access on the host machine. Why do I have a reason to assume
that the people running these data centers, who are in the business
of setting up virtual machines, and who *do* have root access on
their local machines, can't do the same thing? Indeed, why do I have
a reason to assume they're not routinely being compelled to?
I may be excessively cynical, but hearing the words "cloud" and
"security" in the same sentence, if the speaker wants me to believe
him, is only likely to make me angry.
More information about the cryptography
mailing list