Re: Phone call for Mr. Doligez, was Re: SSL challenge -- broken !
I don't think that there is any serious worry for Netscape. Their security is fine-- it's just crippled by the US Government. They could probably start distributing binary versions of their software that used full 128 bit keys in several hours. It's just that the Government gets pissed off about these things. In general, it just adds more flames to the fire started by the letter written by Microsoft, IBM and Lotus. Their point is bolstered by this easy attack.

-Peter
Peter Wayner writes:

| I don't think that there is any serious worry for Netscape. Their
| security is fine-- it's just crippled by the US Government. They
| could probably start distributing binary versions of their software
| that used full 128 bit keys in several hours. It's just that the
| Government gets pissed off about these things.

I'm not sure I trust their security. I know I have no reason to; their server comes as 14.9mb of object code. I know of no vendor who ships a bug free 14mb product. (To be more than fair, most of those binaries are relatively small, on the order of 250k.)

As RTM, Sr asked, if your programs are buggy, what does that say about their security? (Not that I'm offering up exploits; simply saying that I suspect there are problems, and that those problems can make whatever security SSL does or doesn't offer moot).

The operative question is not one of 'what is the cost of breaking SSL relative to the financial gain?' but 'what is the cost of breaking or bypassing SSL relative to the risk involved and the financial gain?'

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
I don't think that there is any serious worry for Netscape. Their security is fine-- it's just crippled by the US Government. They could probably start distributing binary versions of their software that used full 128 bit keys in several hours. It's just that the Government gets pissed off about these things.
I have to agree, Netscape may spend some energy to upgrade their encryption, but it really won't buy them all that much. SSL, to me, is like using a "security envelope" to mail cash or putting the club on your car. It presents just enough of an obstacle to keep honest people honest.

jweis@primenet.com
http://www.qtime.com/~jweis
participants (3):
- adam@bwh.harvard.edu
- Jason Weisberger
- Peter Wayner