>The one thing I found which did not seem consistent with my understanding
>was the description of the seal/unseal operation
When you give the talk that explains the paper, you need to tackle this head-on, because I always found it difficult to deal with too (sorry I didn't remember it was difficult till now, I've gotten damaged by familiarity :-) You need to say, "consider cryptographics protocols, here are the properties--the thing used as a public key is really a write authority, the thing used as a private key is really a read authority", and then say, "we are now building a sealer/unsealer pair with the same pair of authorities, but we're not using encryption in any way, we're just using public key encryption as an analogy, and the sealer/unsealer are built out of capabilites"--or some such.
For me personally, talking about it as write-authority and read-authority is much clearer than talking about it as a public-key-encryption analogy. Even the crypto people might find this clearer (indeed, this reaction you just forwarded suggests this is the case). Then note at the end that this has a behavior analogous to public key technology.