The IP security program I have been working on (slowly) is a packet redirector and cryptdec. You ask it to encrypt packets comming in on one socket, and pass them out to another socket (also to decrypt those comming in on the second socket and pass them out the first socket). Thus you can run one of these on the X server, and one on the X client, and all the X trafic becomes encrypted over the net. You can telnet to the local redirector, to the forign redirector, and then to the standard telnet port. Or FTP, or whatever. I am still learning about net software, and this vision may not be easly implemented, or sockets may be the wrong level of interface to the net, I dunno. But I do know that my unix (SCO) and my X server (WINDOWS) both support this stratagy. j'