I have been working on an idea for a secure chat system for internet and have come up with some ideas.
A system such as this already exists at MIT. It's called Zephyr. Currently, it uses Kerberos (private-key) for authentication, and uses cleartext, but the system just pushes around bits. There's no reason a message couldn't be a public key encrypted message. ACLs already exist (based on the Kerberos authentication), but the system is capable of supporting well over a thousand simultaneous clients, so they might not be necessary. The protocol is based on UDP, and is well-documented. Unix and Macintosh clients exist; there are PC clients in development. If people want more information (up to and including the technical papers), look on athena-dist.mit.edu (it's a mail server, too). Or, I'll be happy to discuss it on the list.

Marc