
Security concerns

We believe that the provision of offline delegation does not weaken the security of FR in any way. This rests on the fact that the file owner is solely responsible for the security policy he implements. The increased flexibility offered by offline delegation comes at the price of requiring responsible and competent users. However, each delegation involves only a single file, and no other file is affected in any way, so a user cannot compromise the security of any other user. The security problem intrinsic to stolen PDAs is treated in the section on the TCB.

A file can be handed out erroneously if it is given the same name as an old file and access to the old file has been delegated. A new file with the same name as an old file can be regarded as the old file with altered contents. FR can thus not distinguish between rightful access to new data in the old file and incorrect access to a new file that merely shares the old file's name. By ensuring that all certificates expire properly (within a reasonable time frame), file names can be reused after that time. We do not consider this a security problem.
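The following is an added example, not code from the paper or from FR itself: it models a signed, single-file delegation certificate with an expiry time and shows how expiry bounds the file-name reuse problem described above (and how a certificate covers only the one file it names). The key pair, file names and timestamps are constructed, and the textbook RSA signature with small primes is an assumption made for illustration only.

```python
# Added example (not from the paper): a model of FR-style offline delegation
# certificates. Signatures use textbook RSA over constructed small primes,
# which is NOT secure; it only makes the check runnable offline.
import hashlib
import json

# Constructed toy RSA key pair for the file owner (illustration only).
_P, _Q, _E = 1000003, 1000033, 65537
OWNER_N = _P * _Q
OWNER_D = pow(_E, -1, (_P - 1) * (_Q - 1))
OWNER_PUB = (OWNER_N, _E)
OWNER_PRIV = (OWNER_N, OWNER_D)

def _digest(fields):
    """Hash the certificate fields as canonical JSON, reduced mod n."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % OWNER_N

def issue_certificate(owner_priv, delegate, filename, expires_at):
    """The owner signs a delegation for exactly one file, valid until expires_at."""
    n, d = owner_priv
    fields = {"delegate": delegate, "file": filename, "expires": expires_at}
    return {**fields, "sig": pow(_digest(fields), d, n)}

def check_access(cert, owner_pub, delegate, filename, now):
    """FR's check: genuine owner signature, matching delegate and file, not expired."""
    n, e = owner_pub
    fields = {k: cert[k] for k in ("delegate", "file", "expires")}
    if pow(cert["sig"], e, n) != _digest(fields):
        return False  # forged or tampered certificate
    if cert["delegate"] != delegate or cert["file"] != filename:
        return False  # a certificate covers a single file for a single delegate
    return now <= cert["expires"]

def name_reuse_scenario():
    """Old file 'report' is delegated to bob; the owner later creates a new 'report'."""
    cert = issue_certificate(OWNER_PRIV, "bob", "report", expires_at=100)
    # Before expiry FR cannot tell a new file from altered contents of the old one.
    during = check_access(cert, OWNER_PUB, "bob", "report", now=50)
    # After expiry the name can be reused safely: the old certificate is refused.
    after = check_access(cert, OWNER_PUB, "bob", "report", now=101)
    # The certificate never grants access to any other file.
    other = check_access(cert, OWNER_PUB, "bob", "budget", now=50)
    return during, after, other
```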

The security regime of the system is built on public key cryptography. It is a goal that FR should be able to produce a certificate for each and every transaction that takes place. In such a system, a scheme built on shared keys is very hard to conceive: any secret shared with FR can be used by FR to convince itself of the origin of a message, but such "proof" has no value to others.


Tage Stabell-Kulo
1999-07-06