On Fri, 29 Aug 1997, Mike Duvos wrote:
The Trusted Agent then signs Bob's data, declaring that the resulting digital coccoon produced from Bob's data is associated with the TAG, and that the CONTEXT necessary to recover the data has been communicated to Bob and all copies destroyed.
Which is of course where the protocol will fail. Any such system must be resistant to operator compromise. A clean solution for a distributed data haven resistant to machine/operators compromise would be to use a design similar to the Anonymous Mailbox Servers I gave a talk on at HIP'97. Unfortunately, our project leader is very busy with his daytime job and it probably will be a while before we will see some demo sites up and running. But it will happen :-) --Lucky