Is there any specification for mutual authentication on WWW? (There are too many servers now and it is possible there is intrusion at the server site to cause harm to the innocent clients). As far as I know, in Kerberos, servers are trusted. Isn't it possible to intrude at the server site ? _J._Prakash