[Cryptography] Dark Mail Alliance specs?

Bear bear at sonic.net
Fri Mar 28 16:15:03 EDT 2014

On Thu, 2014-03-27 at 09:40 -0400, Jerry Leichter wrote:

> > > ... Yes, you have to place additional trust that the provider will actually
> > > live up to that contract - but that's what legal systems are all about.

> > I was with you all the way up to that last bit. When one of the major
> > security threats comes from the government, relying on the legal system
> > to enforce contractual security agreements does not give great confidence.

> And the alternative is ... what, exactly?

A lack of confidence.  This is a tautology.

Those are literally the two alternatives; one trusts in something 
that cannot be secured, or one does not trust in something that 
cannot be secured.  

The absence of effective technical means to secure something or 
detect a security failure implies the absence of effective legal 
means to secure that thing or punish that security failure.

Hmm.  As I read it, I think maybe the sentence above is one of
those fundamental truths like Kerckhoffs's principle that ought to
be internalized in the entire industry.  


