> If you were providing access to a clinical system via Web > technologies then I think SSL (with other application-level > security protection on top) would be a minimum starting > requirement I don't think SSL is an appropriate mechanism. You may be able to fix the integrity concerns by having every web page (and every request for one) digitally signed, but then you have to implement a signature mechanism either in the browser or in a proxy client. Given that the popular browsers are supplied object code only and that their security interfaces are very difficult to work with, you end up with a proxy. Given that, you might as well encrypt in the proxy too and free yourself of the SSL overhead. SSL was originally designed so that electronic shoppers could get their credit card numbers and expiry dates to a merchant web site, encrypted using a public key supplied by the server and certified by Netscape. However web clients aren't authenticated so you can't do access control in any rigorous way. VISA/MasterCard/Microsoft didn't like SSL and so they designed SET, with which web-based credit card transactions must conform from early next year. So the business case for SSL has fallen away. Hopefully it will be replaced with something better. > Now if someone had cleverly tampered with the cached page in the > proxy That may well be what had heppened with the crypto company I mentioned. I don't know and it's unlikely they'll tell me - if they ever find out! > not so sure your example, though clearly a worry and requiring > protecting against, is a show-stopper for my Web/interactive > paradigm. What may be is the new proposal by UK ISPs that they will escape legislation about porn on the net by adopting a voluntary scheme (i.e. coercing it on their customers). Under this, all web pages will have to have a `rating', something akin to a cinema rating (Al-Hackem's will be XXX for sure!). To get this, your web pages will have to be submitted to an agency in America that claims IPR over this crazy idea, and in return for a fee they will issue the page with an official mark. The mark will intially be protected by trademark law (the bit string you need to include contains their trademark) and later by digital signatures. The idea is that future versions of Microsoft's and Netscape's browsers won't show pages without the authorised mark. Using it, parents can control what their kiddies see. Of course this would be the end for interactively generated web pages such as altavista, and the reaction from industry is `we won't use it' (CEO of banking software house with whom I discussed this yesterday evening). So hopefully it will all go away; it seems ludicrous that one American company might become the sphincter through which all the web authors in the world must wriggle. But if a panicky government were to legislate for it in the run-up to the election, then it could be the show stopper you fear Ross %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%