Carlo Wood wrote: > 2) C == A or C == B. Tell C not to use encryption or not to send ARs. ... or to disclose the session key as part of the AR. (Assuming the session key won't give the governance team enough information about the private key, so future communication would still be save.)