Simon Can we possibly have clarification of this point, which Richard and others have raised. Does the Home Office expect companies to: (a) never revoke crypto keys so that they are always available for the retrospective decryption of traffic, or (b) revoke keys at random intervals, so that a revocation following law enforcment access does not consitute `tipping off'? Ross Anderson