Jon-- I would suggest that the Chinese solution to these problems is singular, and simple: the total inability to conduct any transaction anonymously. My guess would instead be that the Chinese would register IP addresses to individuals. The precedent's been set already with registration of photocopiers, typewriters, and mimeograph machines. As Perry pointed out, RSA-signing each and every packet would be prohibitive. Assuming that their real interest is in controlling diffusion of information to and from the 'net-- and not moderating what goes on in the Chinese intranet (or inter-intra-net, I guess) I think address registration would be a logical first step. The simple portion is a national (Chinese) database associating true names with key IDs. These keys will be usable only to sign documents, not to encrypt information, similar to the Federal DSS. If the binding is instead true name <-> IP address, then the censors drop, block, delay, or spoof packets from thoughtcriminals instead of refusing to sign them. This avoids both the signature overhead and the expenditure of hard currency on gwai lo. Now that all information has a recognizable source, dissidents in China can be arrested, and unacceptable information never makes it into the country. Registering IP addresses of course won't block out thoughtcrime originating outside China, but unless everyone else adopts the packet signing scheme you outline the censors will still have to filter incoming material semi-manually. As far as I can tell their government is at least as interested in keeping things in as they are keeping out the Four Horsemen. -Paul