I think we need to open up some discussion area on how we are going to do fast-paced work vis-a-vis authentication. I read the rfc proposal I saw linked from the front of the site, and as well I saw marking for research in issues area to do research on Kerberos and NTLM but what strikes me here is we are in an area where doing fast authentication crosses proven authentication think. In general, proven authentication approaches run a little slower. To do fast-paced work, I would think some sort of HMAC based approch at sign on because much of the traffic is exposed. It just sorta works out that we would have a wrapper that can run at a stronger authentication level and just drop back to something that maybe is not as strong but follows the typical scenario a'la the pacing discussed in the rfc proposal. Not really a fun place for me to be, but if we are to attain ignition - this will have to be formalized somehow. This is something that could run in the clear. I know from running full-tilt-boogie on large projects your tag has to be droppable, it cannot reveal any useful information.