Here's a challenge directly relevant to this group: Can you design a comsec system so that pressure against a code clerk will not do unbounded damage? What about pressure against a comsec system designer?
Modulo Steve's comments about the threat model, Ben Laurie and I wrote a paper on this theme a few years ago:
http://www.acsac.org/2000/papers/47.pdf
I developed that paper's threat model into chapter 4 of my PhD thesis: http://www.cs.ucl.ac.uk/staff/I.Brown/pimms/thesis.pdf
We are still hopeful that we will eventually get somewhere with our Internet draft improving the forward secrecy capabilities of OpenPGP:
http://www.cs.ucl.ac.uk/staff/I.Brown/openpgp-pfs.txt
--
+44 7970 164 526 / http://www.cs.ucl.ac.uk/staff/I.Brown/
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]