I'd just like to let all cypherpunks know that I'm really interested in getting any feedback you might have about security problems with Netscape products. I'm particularly interested in bugs in the our implementation of SSL, and problems in the protocol that are not addressed in SSL 3.0. We have been collecting comments on SSL 3.0, and have started incorporating that feedback into our spec. Please don't assume that our lack of response means that we are ignoring your comments. Between Navigator 2.0 and things like the SSL challenge and the RNG fire drill, we just have not had the time to get a new rev of the spec out. Hopefully soon... I should also warn folks that Navigator 2.0 will not include SSL 3.0. We just don't have time to do it. It will become a high priority for us after 2.0 goes out, or maybe sooner depending on hiring. --Jeff Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.