Process key question

[Jonathan Adams]

Here is a question I ran into as I was working my way through a minor 
revision of the Keyset code:

At least in Eros, there is no way, given a Domain key and a start key to 
that domain, to tell that the start key is actually to that domain 
without either:

1) Using the domain key to create a start key with the same keydata field 
and comparing the keys with discrim.  (This could take 65536 trys)

2) Using the Domain Creator of the Domain to get a Domain key from the 
Start key, and using discrim to compare that key to the original Domain key.

Well, on second thought #2 doesn't look as bad as I had originally thought.  

Anyway, my question was why don't Domain keys have an "identify gate key" 
operation which, given a start/resume/fault key to the Domain, returns the 
KeyData/Resume/Fault nature of the key.  I cannot think of any obvious 
security problems, and it seems like a useful order for Domain keys to 
have -- requiring discrim to tell if a key is a key to you seems a little 
baroque.  

Is there something I'm missing?

Thanks,

- Jonathan Adams