> This is one of the keys in the discussion, in my opinion. I do not believe we should react to specific revelations alone - at best those describe a situation at a fixed point in time. But we do need to realise that the Internet is pretty vulnerable to a large class of attacks. I think we should improve the situation. > > As for the how - I think cryptographic protection for a bigger fraction of Internet traffic is a necessity. Of course there are many tradeoffs to exactly how we go about that - and I think we're having exactly the right discussions about those tradeoffs in various lists. It is not an easy choice. But it is one that we need to get to the bottom of. That's my usual cue to do my duty and chime in that we need to fix protocol fundamentals as well - if a protocol has poor privacy practice it's not enough to hide its content. Scott