I've heard a rumor that there is some new legislation being proposed in California that would require consumer communication using SSL to go "directly to the server". A scan of the current in-process legislation doesn't turn up anything. Eric