Security protocol deployment risk : (transcript of discussion)

The level of confidence you need in the secrecy of the key you are using to upload your initials to the high score on Tour of Duty is probably different to the confidence you need to do a multi-million pound transaction. So the basic idea of this model is to classify cryptographic key sensitivity in terms of some sort of partial order: authentication master keys are more sensitive than the keys that they're used to protect; and generally a session key that is encrypted under a long term key is less sensitive than the long term key that's being used to encrypt it. If you've got the higher one, then it's possible to obtain the lower one, simply by looking at what's gone through the protocol. For example, if your protocol has got a message like that in it, then this key is below this one in the partial order.