I was under the impression that 40-bit RC4 was accomplished by revealing 88 bits of the 128-bit key in a header. If a new 56-bit-RC4 browser was implimented by setting16 of those 88 bits to zero, would any existing server know the difference? If not, you would get an immediate improvement in security, at least for browser to server messages, without waiting for the servers to be upgraded.

No doubt I am missing something, but what?

No, that won't work. One side is set to check that the bits it decrypts match the ones sent in the clear. If they don't match it rejects them. There is a problem with the deployed browser base either way :-(. There is no real difficulty in reducing the number of bits exposed from 88 to 72 however. Certainly 56bit RC4 would be preferrable to 56bit DES for most people at this point since it is unlikely that the EFF will invest another $250K in proving the same point again for RC4 while the plans for a DES cracker are now published in a book. If the government won't allow security, we are back at the stage of setting up the best obstacles we are allowed rather than establishing barriers. There is very good reason to deny the FBI wiretap powers. The FBI is now back into the type of political investigations it did under Hoover. It is investigating the question of who gave Salon magazine information that discredits Mr Hyde despite the fact that there is no evidence it came from the alledged source and even if there was discrediting a Congressman is not illegal. Phill