One thing not being emphasized in this discussion about languages, crypto scripts, and such, is that a big reason why we don't have more crypto tools is because they are a lot of work to write. I can speak from personal experience on PGP. Just going from PGP 1 to PGP 2 took over a year, almost a year and a half. That involved a lot of little cleanups: better handling of key rings, going to IDEA in place of Bass-O-Matic (the cipher used in PGP 1); adding some new packet types, etc. But PGP 1 had most of the same basic cryptographic functionality (RSA+conventional) as PGP 2. And it was amazing, really, that as much got done as it did in that time frame. Most of that is due to Phil Zimmermann's managerial abilities. People know Phil as a privacy advocate, a crypto enthusiast, a talented programmer. What they may not realize is that his greatest skills are (IMO) in personal relations. Phil is able to make things happen, to shepherd a network of easily distracted programmers from point A to point B. This means being willing to push, to call someone up and say, "do you have that done yet," and "can you have it for me tomorrow." Phil was not afraid to keep the pressure on in order to make sure progress was made. He had to constantly keep this up for over a year to get PGP 2 out. Granted, Phil was working under somewhat unusual constraints due to the unique legal situation involving the RSA patents. But most of the kinds of things we are interested in playing with can't help but infringe on some- body's "intellectual property" given the massive barbed-wire-fencing of the cryptographic concept space that's been going on (see my posting last week on Chaum's multitudinous patents). Plus, now we know that any success- ful public-domain cryptographic product is likely to leak overseas and ex- pose the author to the threat of a prison term. These are hurdles which cannot be taken lightly. I don't know whether the introduction of easier-to-use crypto tools will really change things. Pr0duct Cypher's PGPTOOLS was explicitly intended to address this problem, but the only thing I've seen so far is his own Magic Money (although I heard in email about another application being worked on). I think what we really need is some motivated programmers who are willing to learn crypto and work on projects. I think that would be a better use for this list than the kinds of discussions we have been having lately. Hal