[Cryptography] Dark Mail Alliance specs?

[Bear]

On Thu, 2014-03-27 at 21:32 +0100, Ralf Senderek wrote:
> On Thu, 27 Mar 2014, Bear wrote:
> > I do assume that.  I can set up a virtual machine in userspace and give
> > someone root access to that virtual machine at any moment.
> 
> As you've read my posting carefully you'll know that I assume a dedicated
> machine and not VPS nor shared hosting.

The threat under discussion, at least from my POV, was the conflict 
between security requirements of the machine owners and the machine 
users.  As such the entity we're worried about as users is the machine
owner - who does in fact have physical access to the machine and who 
can choose at any moment regardless of what the user believes he's 
getting whether it's a dedicated machine, VPS, or shared hosting. 

> > I can still go in and commit live edits to their
> > running image, invisibly modifying crucial software on their virtual
> > disk, performing actions that ought to require 'root' while leaving
> > no logfile traces, etc.  Doing this doesn't even require me to have
> > root access on the host machine.
> 
> How would you possibly do that on a running dedicated server?

By being the owner of the machine, with physical access, ability to 
reboot as needed, ability to emulate in software if that facilitates 
my attack, etc. The machine user is nowhere around to make sure that 
he's actually getting the running dedicated server he paid for, and
as the machine owner I can fix it so absolutely every packet he gets
is indistinguishable from what he'd get if he were. No evidence means
no crime.