[Cryptography] Dark Mail Alliance specs?
Bear
bear at sonic.net
Fri Mar 28 16:15:03 EDT 2014
On Thu, 2014-03-27 at 09:40 -0400, Jerry Leichter wrote:
> > > ... Yes, you have to place additional trust that the provider will actually
> > > live up to that contract - but that's what legal systems are all about.
> > I was with you all the way up to that last bit. When one of the major
> >security threats comes from the government, relying on the legal system
> >to enforce contractual security agreements does not give great confidence.
> And the alternative is ... what, exactly?
A lack of confidence. This is a tautology.
Those are literally the two alternatives; one trusts in something
that cannot be secured, or one does not trust in something that
cannot be secured.
The absence of effective technical means to secure something or
detect a security failure implies the absence of effective legal
means to secure that thing or punish that security failure.
Hmm. As I read it, I think maybe the sentence above is one of
those fundamental truths like Kerckhoffs principle that ought to
be internalized in the entire industry.
Bear
More information about the cryptography
mailing list