[lolc]

> The odds that someone compromises a Helm update and the odds that someone walks out of us-east2a with a drive are not in the same ballpark.

Sure, but why are you comparing a software compromise against physical access? There are attacks that work against cloud providers which don't work against Helm. If somebody can compromise a Helm update they essentially got root. And that is a step up from just read access to storage.

Here's how I see it: There is a provider that runs my mail infrastructure. They can either run it on AWS, or host it at my home. If the data is in my home I don't have to trust Amazon. I still have to trust my mail provider ultimately, but using AWS doesn't improve on that.

[lvh]

Because we started talking about FDE specifically?

[lolc]

I don't get why you're so hung up about physical access. But at least I think I understand how we got there:

gsreenivas: Most cloud-based email services hold email in the clear

lvh: are you suggesting cloud e-mail services don't use FDE?

lolc: They may but they also hold the keys.

lvh: it's a lot easier to walk out with a box in my kitchen than it is to walk out with a drive from us-east-2a

lolc: How many people have access to drives in us-east-2a?

In that last quote I should have said "storage", because I didn't mean physical access only. So apologies if that set you on the wrong track.