[Cryptography] Dark Mail Alliance specs?

[Bear]

On Thu, 2014-03-27 at 12:22 +0100, Ralf Senderek wrote:

> > Because the machine owners can in principle break the machine users'
> > security with impunity, with no evidence visible to the user, and
> > then later deny all knowledge of how that customer database got out
> > there, I'm never going to be able to prove it if the security of
> > the cloud fails me.
> 
> That's true if you assume that root access and invisible modification
> of crucial software is possible. Otherwise there is evidence.

I do assume that.  I can set up a virtual machine in userspace and give 
someone root access to that virtual machine at any moment.  And while 
they have root access, I can still go in and commit live edits to their 
running image, invisibly modifying crucial software on their virtual 
disk, performing actions that ought to require 'root' while leaving 
no logfile traces, etc.  Doing this doesn't even require me to have 
root access on the host machine.  Why do I have a reason to assume 
that the people running these data centers, who are in the business 
of setting up virtual machines, and who *do* have root access on 
their local machines, can't do the same thing?  Indeed, why do I have 
a  reason to assume they're not routinely being compelled to?  

I may be excessively cynical, but hearing the words "cloud" and
"security" in the same sentence, if the speaker wants me to believe 
him, is only likely to make me angry.