1. Every message should say what it means.
2. The conditions for a message to be acted on should be clearly set out.
3. Mention the principal’s name explicitly in the message if it is essential to the meaning.
4. Be clear as to why encryption is being done.
5. Don’t assume a principal knows the content of encrypted material that is signed by that principal.
6. Be clear on what properties you are assuming about nonces.
7. Predictable quantities used for challenge-response should be protected from replay.
| Previous slide | Next slide | Back to first slide | View graphic version |