OK, the problem is: what if the authorities force you to reveal the keys? I am sure you all know this:

http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html

Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.

Why not add an additional feature: to generate keys each time Tor is started (or even for each "conversation")? Then you have perfect forward secrecy AND also future secrecy (unless an attacker steals the key for each "conversation" at the beginning of it). And if keys are not stored anywhere, you can't give them.

Or has this already been discussed and I am missing something?

bye, Matej

