It makes no sense to reply to my message, but I need to add one point. Early in the message service discussions, we made certain assumptions about processes. Chris Ferris and I made the argument that we believed that signing and encryption of the business documents would be performed by the applications and that the payload would be handed to the MSH for transport. If we hold that position we could accept David's proposal. In that case, I would like to add some text to the specification qualifying the purpose of any security service provided by the MSH. This could help isolate business issues from technology issues. Ralph Berwanger