Tim said: -- begin quote -- I can't speak to the truth or falsity or plausibility of some of the claims here, but there is a general point: modularization. There is no real reason for crypto to be built into complex products, at least not when those products are well-suited for handling text (and even files). If speech is in the form of ASCII (or even MIME) text, then end-to-end crypto can be done using fairly basic (and hence more easily verfied, audited, and tested by time) modules which are NOT PART OF THE MORE COMPLEX PRODUCT. To wit, who really cares whether Netscape 4.08 or 4.07 has crypto built in so long as a robust, non-trapdoored crypto program is available/ -- end quote -- I quite agree. In fact, that's why I don't use a web browser as a mail client (this nym's only interface is webmail, which is a different case). The salient point of this thread, though, is that the built-in crypto under discussion is the SSL engine, not the mail client. If you (or anyone else) knows of a web browser that takes a drop-in SSL module (hopefully open-source), I'd be pleased to learn of it. Would be interesting to see if Wells Fargo would accept a connection from such a browser.