Yeah, it was pretty weird (they also posted it to sci.crypt and *.pgp.) If you need a copy, it's available on ftp.eff.org and probably half a dozen other sites that grabbed it before they announced they were pulling it. I couldn't tell if they did it this was because they'd had a misunderstanding about what RSA would really let them get away with and got burned, or if they did it on purpose either to give RSA a way to save face on PGP while preserving deniability or to give RSA partial control over "PGP", since competing with RIPEM wasn't doing the job. But it's nice to have available out either way. If anybody's got connections with the PGP 2.6 development folks, it would be *very* nice if they can make PGP 2.6 be more Stealthy, since it's going to be incompatible with the previous versions anyway. Bill