We are designing an extranet for our non-employees, customers, and partners to work on program information. All users will be authenticated by personal digital certificates that we will issue from our Netscape Certificate Server. It is my understanding that users from Canada, Italy, and Norway must have a certificate encrypted at 56 bit. Are you aware of any other restrictions/requirements? The crypto law survey mentions use of Trusted 3rd parties for Italy and Norway. Are there commercial companies that act as Trusted 3rd parties? look forward to hearing from you. carol carol.woolley@lmco.com