Well guys and gals ... I spent some time reading documentation on the www servers for NetScape and Community ConneXion (c2.org). The "messenger attack" as described in my earlier posts regarding public key encryption and key management seems to apply to NetScape's SSL. I have a Fifty dollar bill for the first person to submit to the mail box nethack@dmsd.com a working Unix server (with cleartext session logs) which accepts all connections on a unix based host to the www port and redirects them to netscape.com leaving a clear text log of each session's SSL packets in /tmp by session. All entries become the property of DMS Design. The winner and I will submit a claim for one of Community COnneXion's "I HACKED NETSCAPE" tee shirts as a server hack. (Have Fun!!) After a careful examination of NetScapes public documentation it appears that SSL which is based upon RSA's public key technology may be down for the count. The fall of SSL would doom NetScapes current claim of "Strong exhortable cryptography for credit card-based financial transactions" as outlined in Taher Elgamal's (NetScape's Chief Scientist) white paper titled "COMMERCE ON THE INTERNET: CREDIT CARD PAYMENT APPLICATIONS OVER THE INTERNET" Version 1.00 dated July 14, 1995 which can be found on the www as http://home.netscape.com/newsref/std/credit.html. SSL doc can be found as http://home.netscape.com/newsref/std/SSL.html. John L. Bass Owner, DMS Design