Anyway, I'll leave further comment to people with a better
understanding of the issue, although I'm happy to clarify if any of
the above isn't clear.
Expert blindness can be a serious problem when it comes to security design, so please keep the questions coming. I've come to the realisation that having done things like blending aspects of the 802.11i WPA2 spec with HF automatic link establishment to come up with a custom authentication protocol means I'm no longer qualified to judge what counts as "common knowledge" in these areas, and the TUF folks leave me in the dust :)