Hi Greg,
 Wanted to clarify why XOR is used in Coda.   From the beginning
it was obvious that XOR wouldn't offer any real security.  But it
would catch accidental bugs such as not decrypting at the right
point in the code.   When RPC2 was originally written (circa 1985-86,
for AFS-2), there was a whole lot of confusion about legal use of 
encryption, embedding encryption code in software, export restrictions,
adequacy of DES, etc, etc.  Our heads hurt just thinking about the mess.
We decided to use the completely safe and harmless XOR "for now",
get the code structure right, and then replace XOR with a real encryption
scheme "later".    We expected "later" to be a year or two.

 As it turns out, "later" didn't come for a long time.  All the focus
in Coda's evolution was on high availability:  replication, disconnected
operation, weakly connected operation, etc.   But it sounds like "later" 
is finally here :-)

       -- Satya