Communications security is required to achieve capability security in a distributed application. Crypto is required unless the physical links are sufficiently secure. Key management bears, however on two other issues, the bootstrapping of distributed spaces and the multiple site strategy.

When a new site is started for the first time it may be necessary to carry public keys to that site to ensure that the new site is securely connected to existing sites.

When object references are transmitted between sites with our protocols provisions are made for introducing new pairs of sites and this introduction includes providing each with the public key of the other. No other certificate authority is required.

To achieve the availability in distributed systems that we claim for capability systems, redundant communications may be required.