".c4.11.7.1.1 Security System Objectives: The Offeror shall specify [..] whether it is possible to hide information in the digital signature number of which the signer would be unaware, which could conceal information. "
Such as parts of the key?
Yup, that's why you always want to know who implemented your authentication scheme. But the fact that an algorithm is capable of doing sumliminal messaging does not speak badly about it. In fact, I think it is an extremelly good sign that this was placed in the RFP. It shows that they are aware of the potential problem and are trying to avoid it (IMNSHO). If a cable company actually tried to leak your key in this manner, it would create an enourmous potential liability for them.
and under .c3.11.7.2 Privacy: " It should be possible to manage encryption keys and provide them to law enforcement agencies on demand."
Cable companies would like to offer some services as a common carrier (although they clearly want avoid having the entirety of their business designated as such). That means that they are going to have to comply with the digital telephony act. Cheers, Jason W. Solinsky