MS Server Gated Crypto: strong encryption w/ exportable browsers if the server is US-OK
The gist of http://eu.microsoft.com/industry/finserv/m_finserv/m_fordev_g.htm is, MS has US permission to export a DLL containing 128-bit SSL *worldwide* since the encryption is enabled IFF there's a Verisign "SGC certificate" on the *server*. This apparently will work with Netscape servers in addition to IIS.

This facilitates gov't-trusted banks doing business with clients with generic MS browsers. And it facilitates MS's growth in the web world.

Thoughts:

Since US law (*) doesn't recognize digital IDs or the authority of Verisign, this implies the government has enforced some arbitrary judgement calls biased towards this system, no?

Additionally, the US would be seeming to trust the implementation in MS's new DLL which checks for and verifies signatures.

All in all, some clever/cunning positioning by MS.

This is set up for banks, and the certificates are strong. But they seem like the weak point -- could a generic certificate be circulated amongst the Undesirables so they could enable this feature in IE browsers with the new DLL?

(*) I understand that the government of Utah now recognizes some form of digital signatures.

------------------------------------------------------------
David Honig
Orbit Technology
honig@otc.net
Intaanetto Jigyoubu

"How do you know you are not being deceived?"
---A Compendium of Analytic TradeCraft Notes, Directorate of Intelligence, CIA