I have read the XML Encryption spec (last Fall) and it looks like it has the same flaws we found in XMLDsig -- it won't encrypt the headers. This is not a flaw in the XML Encryption spec but a deficiency in extending the spec for use outside XML. These specs were never intended to be used for our situation. When we talked to the XMLDsig committee, they felt we were incorrectly mixing technologies to put XMLDsig and SOAP/MIME together.

We are discovering that we have painted ourselves into a corner with XMLDsig (won't work with SOAP multihop). We have a serious situation in XMLDsig v2.0 with intermediaries modifying SOAP elements, thus invalidating signatures, and security concerns with signatures not covering the entire message. Why wouldn't using XML Encryption be the same mistake?

Regards,
David.
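The multihop trade-off raised in the message above, as an added example that is not part of the original message: an HMAC over canonicalized XML stands in for a real XMLDsig signature, and the key, namespaces and element names under `Header` are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
KEY = b"constructed-demo-key"  # constructed key; stands in for a signing key
# Constructed sample message; the Route/To/Order elements are hypothetical.
ORIGINAL = (
    f'<s:Envelope xmlns:s="{SOAP}">'
    '<s:Header><Route xmlns="urn:example:routing"><To>urn:example:final</To></Route></s:Header>'
    '<s:Body><Order xmlns="urn:example:po"><Item>42</Item></Order></s:Body>'
    '</s:Envelope>'
)

def c14n(elem):
    """Canonical XML bytes of one element (ET.canonicalize, Python 3.8+)."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def sign(xml_text, scope):
    """MAC over the whole Envelope ('envelope') or only the Body ('body')."""
    root = ET.fromstring(xml_text)
    target = root if scope == "envelope" else root.find(f"{{{SOAP}}}Body")
    return hmac.new(KEY, c14n(target), hashlib.sha256).hexdigest()

def verify(xml_text, scope, tag):
    return hmac.compare_digest(sign(xml_text, scope), tag)

def intermediary_hop(xml_text):
    """A SOAP intermediary doing its normal job: it adds a header entry."""
    root = ET.fromstring(xml_text)
    via = ET.SubElement(root.find(f"{{{SOAP}}}Header"), "{urn:example:routing}Via")
    via.text = "urn:example:hop1"
    return ET.tostring(root, encoding="unicode")

def header_changed(xml_text):
    """A change to a header value that a Body-only signature does not cover."""
    root = ET.fromstring(xml_text)
    root.find(".//{urn:example:routing}To").text = "urn:example:elsewhere"
    return ET.tostring(root, encoding="unicode")

def demo():
    env_tag, body_tag = sign(ORIGINAL, "envelope"), sign(ORIGINAL, "body")
    hopped, changed = intermediary_hop(ORIGINAL), header_changed(ORIGINAL)
    return {
        "envelope_after_hop": verify(hopped, "envelope", env_tag),     # legitimate hop breaks it
        "body_after_hop": verify(hopped, "body", body_tag),            # survives the hop
        "body_after_change": verify(changed, "body", body_tag),        # header change unnoticed
        "envelope_after_change": verify(changed, "envelope", env_tag), # header change detected
    }

if __name__ == "__main__": print(demo())
```

Whole-envelope coverage detects the header change but also fails on a legitimate hop; Body-only coverage survives the hop but leaves the headers unprotected.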