Guys, I've had an idea for improving the usability and security of the bridge: Encryption. Now I realise that we're not dealing with a massively high-security installation here with with HECnet but please hear me out :) My proposal is that each end point of a bridge connection share a secret and use some form of symmetric encryption (say AES in ECB mode) whilst communicating. This shouldn't be terribly difficult to achieve (I might take a look at coding this myself once the rum-fuelled haze from last night's Notting Hill Carnival wears off) in a fairly small amount of code. If in addition a receiver of a valid packet constantly updated the target address of it's packets to the source address of the last valid packet received the arrangement would not only ensure that the host sending the data is in fact who they claim they are, but would enable a sending host to change its IP address without borking things up, thus making our beloved bridge usable on dynamic IP setups. A CRC-32 (of the unencrypted frame) would be used to determine the validity of the data. Example connection, Host A -> B 1. A receives a decnet frame on ethernet 2. A calculates a CRC-32 for the frame 3. A encrypts frame using shared secret with B 4. A appends CRC-32 from step 2 to the encrypted frame from step 3. 5. Frame is sent to B 6. B decrypts frame using shared secret with A 7. B calculates a CRC-32 of decrypted frame, compares with received CRC-32 8. Are they equal, if not abort. 9. Frame is valid, send onto ethernet. 10. B updates A's address to that of source address of the last frame. Comments anyone? Sampsa