For whatever it's worth, my position fits into Tim's taxonomy pretty well. I think it's worthwhile to do enough to protect people from their sysadmins, even if it won't protect them from the NSA. The important thing is to take care not to create standards or large user communities that will force more determined people to choose between security and interoperability.

For example: a mail system that can only work with small keys ought to be avoided; but a mail system that uses large keys and clients with crummy random number generators ought to be deployed, if it has some significant advantage (like user friendliness) over other systems that currently exist.

A java mixmaster applet with a bad random number generator would probably be the best game in town for most people. Is it good enough? No. But is it better than anything that's currently available (in a practical sense) to the typical ms-windows user? Yes. And that's enough reason to deploy it. Unix clients and the mixmaster remailer network are capable of providing much better security to anyone who wants to pursue it -- the poor quality of the java version doesn't impose a ceiling on other users. And a clear path of improvements exists (i.e., easy to use dos and mac native code clients, or a better java applet) to pull the low end users up to where the unix users are now.

Deployment is the thing that's going to make putting the genie back in the bottle impossible. 10,000,000 people who use a flawed java implementation of some crypto applet are still 10,000,000 people who are going to scream bloody murder if crypto's banned. There is a lot of political value in getting something out there, even if it's less than perfect.

(Incidentally, I'd like to encourage more people to set up mixmaster remailers. I've had mine (nsa@omaha.com) up for several weeks, and I haven't had a single complaint or hassle from it. That's not at all what I expected -- I figured people would be complaining all the time. If I had known how it would turn out, I would have set it up a long time ago.)