I was at the Microsoft presentation. Crypto-relevant info: A patch will be published in the next few days to address the weak .PWL encryption. I got a rather lame excuse about how the encryption was first implemented in 1991, and how it was sufficient then. They will supposedly be changing the seed. I asked about what MS was doing in regard to future strong crypto. Got an interesting response in that that "the government was going to let them implement 768 bit keys." I later asked an MS person if these were RSA session keys or what. He said yes, but I really don't think he knew what he was talking about based on some of his other comments. Visual Basic Script will be MS's response to JavaScript. The interesting thing here is a plan to use digital signatures on controls and scripts as a means of authentication. The comment was made "you'd trust something signed by Lotus or some other big name, but you probably wouldn't be that trustful of a piece of shareware." Hmmm... MS will be releasing a "safe" runtime version of Visual Basic that will supposedly prevent nasty virii and trojan horses from being implemented on Web pages. IMHO, Perry's previous comments on the security of Java apply. Servers and some clients will support end-to-end encryption. No details... I didn't ask about GAK. Bill said there was a white paper explaining Microsoft's position on encryption. Maybe I'll test the search capabilities of the MS Web site later tonight. Overall, the presentation was interesting (but obviously lacking in technical details as the audience was mostly press). MS is going to throw a lot of resources at this in order to maintain its industry dominance. Thought for the day. Bill on the relevance of the briefing being held on Pearl Harbor day quoted Admiral Yamamoto after the 1941 attack, "we have awoken a sleeping giant." Draw your own conclusions on that one... Joel