>> for a first cut, not sure we will have gost support. > I agree, I can even skip RSA/SHA1. indeed. in the long run, we kinda have to make a decision of whether we support ill-advised aggorithms/hashes "because people want them," or not. randy