jweis wrote:

I have to agree, Netscape may spend some energy to upgrade their encryption, but it really won't buy them all that much. SSL, to me, is like using a "security envelope" to mail cash or putting the club on your car. It presents just enough of an obstacle to keep honest people honest.

This is the problem of using "physical" world analogies with the network. A similar argument that is posited is that "Sure its not 100% secure but its better than the carbons from a receipt (now gone) or people who don't shred their garbage." I respond that the network isn't the "real" world so the laws of physics don't apply. Someone in Boston MA is unlikely to fly into Sunnyvale to paw through my garbage, but it would be "trivial" for them to see my receipt go flashing by can throw some spare compute cycles at breaking it. A snooper/cracker program on a "spare" machine might yield a half dozen credit cards a week. I prefer the attitude of better vigilance through layered encryption. That is the transaction might be 40bit RC4 but the "jewels" (otherwise known as the credit authorization information) should be DES3. --Chuck Just my opinion of course.