I updated the document. I tried to simplify the key protection stuff (hopefully it makes a bit more sense) and added an example at the bottom on how you might do a search and fetch using encrypted field values.
http://people.apache.org/~mgentry/Security_Manifesto.pdf mrg
