What's the point? Surely Clark must realize that even if Netscape adds key escrow to SSL/Secure Courier, it is still possible to tunnel real encryption through that link thus thwarting the escrow system. In fact, this is the perfect job for Java: 1) Client connects to server thru insecure key-escrow channel and downloads Java applet 2) Java applet opens new connection to server using "invincible" security as Clark puts it, and performs add transactions on this channel. In fact, in the future, a large number of "forms" will be Java applets which submit information back to the server themselves. And what about IPSEC ESP? Even if the application layer is weak, the link layer can more than make up for it. Now, Netscape has momentum, and if they set a key-escrow standard, there is a chance of it being adopted widely. However, Java applets and IPSEC can still make transactions through an insecure netscape payment/encryption channel. The genie is out of the bottle. -Ray