Re: NIST GAK export meeting, short version
_do control_. They hope that the pain of having multiple versions will be so high that no vendor will bother, and all we'll have is crippled software.
I think that the real key is for everyone, worldwide, to insist on both strong crypto and interoperability.
Anything that uses cryptography absolutely and positively *must* support multiple cryptographic protocols. Tag every RPC, transaction, method invocation, what-have-you with some indicator that indicates not only "encrypted" but "encrypted via method 2". Allow customers to specify policy, at least via an environment variable such as

    NETSCAPE_SSL_PROTECTION=1,2,4

where the online documentation says

    1 = 512bit RSA
    2 = 256bit RSA
    4 = Rot 13

Design open, extensible architectures with public registries and protocol descriptions.

/r$
participants (1)
-
Rich Salz
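The tagging and policy scheme described in the message, sketched as an added example that is not part of the original post. The variable name and the method registry are taken from the message; the one-byte tag framing, the function names, the fail-closed handling of an unset variable and the preference ordering are assumptions made for illustration.

```python
import os

# Registry as listed in the message; a real deployment would publish its own.
REGISTRY = {1: "512bit RSA", 2: "256bit RSA", 4: "Rot 13"}
ENV_VAR = "NETSCAPE_SSL_PROTECTION"


class PolicyError(Exception):
    """Raised when a method is unknown or not permitted by local policy."""


def parse_policy(value):
    """Parse '1,2,4' into an ordered list of registered method ids."""
    methods = []
    for item in (part.strip() for part in value.split(",")):
        if not item.isdecimal() or int(item) not in REGISTRY:
            raise PolicyError(f"unregistered method id: {item!r}")
        if int(item) not in methods:
            methods.append(int(item))
    return methods


def load_policy(environ=os.environ):
    """Fail closed (assumption): an unset variable permits nothing."""
    if ENV_VAR not in environ:
        raise PolicyError(f"{ENV_VAR} is not set")
    return parse_policy(environ[ENV_VAR])


def tag(method, payload):
    """Prefix an already-protected payload with a one-byte method id."""
    if method not in REGISTRY:
        raise PolicyError(f"unregistered method id: {method}")
    return bytes([method]) + payload


def accept(frame, policy):
    """Return (method, payload) only if the frame's tag is allowed by policy."""
    if not frame or frame[0] not in policy:
        raise PolicyError("method missing or refused by policy")
    return frame[0], frame[1:]


def choose(policy, peer_offer):
    """Pick the first locally preferred method that the peer also offers."""
    for method in policy:
        if method in peer_offer:
            return method
    raise PolicyError("no method in common")
```

Because the receiver checks the tag against its own policy before touching the payload, a peer that labels traffic with a method the customer excluded is refused rather than silently accepted.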