Peter Biddle writes:

Pd is designed to fail well - failures in SW design shouldn't result in compromised secrets, and compromised secrets shouldn't result in a BORE attack.

Could you say something about the sense in which Palladium achieves BORE ("break once run everywhere") resistance? It seems that although Palladium is supposed to be able to provide content security (among other things), a broken Palladium implementation would allow extracting the content from the "virtual vault" where it is kept sealed. In that case the now-decrypted content can indeed run everywhere. This seems to present an inconsistency between the claimed strength of the system and the description of its security behavior. This discrepancy may be why Palladium critics like Ross Anderson charge that Microsoft intends to implement "document revocation lists" which would let Palladium systems seek out and destroy illicitly shared documents and even programs. Some have claimed that Microsoft is talking out of both sides of its mouth, promising the content industry that it will be protected against BORE attacks, while assuring the security/privacy community that the system is limited in its capabilities. If you could clear up this discrepancy that would be helpful. Thanks... --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com