I think there are some things being overlooked in this discussion. First, note the strong hint in Schiller's message about operators of key servers who accept pre-2.6 keys being guilty of contributory infringement of the RSA patent. I think we can expect strong legal pressure from RSA to shut down the remaining U.S. key servers, even those which don't use illegal versions of PGP. They succeeded once in shutting down the key servers which used PGP; they will succeed again in shutting down the others due to the contributory infringement threat. For the same reason, hopes of getting a non-RSA-approved "2.6a" (hacked to be backwards compatible with 2.3) widely available in the U.S. are not well founded. FTP sites which hold programs or even patch files to allow 2.6 to interoperate with 2.3 will be targetted by RSA as contributory infringers. In short, the legal advantages PGP 2.6 will have over unapproved versions will be strong enough that it will be widely used in the U.S. However, this does not mean the loss of international encrypted communications. The solution is simple. PGP 2.3a will be patched to be compatible with PGP 2.6. I don't know what we'll call it, "PGP2.3e", perhaps, where "e" is for Europe. 2.3e will have the speed advantages of 2.3a, no copyright problems with RSAREF use, be perfectly legal outside the U.S., and will interoperate with 2.6. Converting from 2.3a to 2.3e will be no more difficult than converting from 2.2 to 2.3 was. Although I hate Jim Bidzos' guts for what he has done to Phil, he holds the legal upper hand for the next few years. The present course does allow for wider use of encryption by the public, which we can all support. Look at it rationally, and 2.6 is a step in the right direction. Hal P.S. It's possible that pre-2.6 keys will not interoperate with 2.6, in which case users of both 2.6 and what I am calling 2.3e will have to generate new keys. This is no great problem; people should make new keys and retire their old ones every year or two anyway, IMO.