[Cryptography] Dark Mail Alliance specs?

[ianG]

>>> There is absolutely no reason why the owner's and user's security interests
>>> will be the same.  They almost never will be.  *But this is exactly why we
>>> have contract law.*
>>
>>> ... Yes, you have to place additional trust that the provider will actually
>>> live up to that contract - but that's what legal systems are all about.
>> I was with you all the way up to that last bit. When one of the major security threats comes from the government, relying on the legal system to enforce contractual security agreements does not give great confidence.
> And the alternative is ... what, exactly?

Take a deep breath.  Sit down and think about it.  Do the threat
analysis, decide what tools you can use, and how.  Do the risk analysis.


> All security ultimately depends on physical security, and governments are defined by their monopoly on force.


Pah.  Libertarian ranting and defeatism.  Crooks use force all the time,
and in their use, they have a local temporal monopoly.  Governments just
have a slightly longer one, with rather less clarity and purpose.
Either way it hurts the same, but somehow we manage to keep crooks at bay.

It's just a security exercise.  It's no different to any other.

Read Sun Tzu.  The art of war teaches us to rely not on the likelihood
of the enemy's not coming, but on our own readiness to receive him; not
on the chance of his not attacking, but rather on the fact that we have
made our position unassailable.

Although, I grant, using a cloud server is a bit like surrendering
before the drums of war have even sounded....but maybe you can use a
1000 cloud servers.


iang