Of 10 survey forms distributed, I received 7 back within a week.
Most everyone said it was "just right" but one thought it was too fast and one other said it was too slow. The latter person said that it is a 4900+ class (actually, it's 4830) and that people should already know RSA from algorithms and should be able to study on their own. However, the prerequisites for this class do not include algorithms, so I assume that the majority of the students in the class do NOT already know RSA. Perhaps I should take a headcount before emarking on this path?!
Most said the material was good, and useful and new to them. One person complained that the real-life stories detracted from making progress through the lecture material.
I have a hard time believing the latter point: as you surely have noticed, I don't talk only about things in the book. In fact, much of what I have presented is not discussed at all in the text. This is because what _I_ consider to be important is not found in any book that I know of, so I've chosen a book that I think is among the better ones out there. But I still insist on teaching my course according to what I believe is the most important stuff.
Examples of things we've learned which aren't in the book: MAC attack models, provable security, buffer overflow exploits, etc. And there will be more of this coming as well.
Most people said yes. A strong sentiment was that there should be more implementation/programming work. I can certainly assign more of this type of thing if people want it!!
To my relief, most people were fine with the quizzes, and one person even LIKED the quiz-structure. Also, one person said he would prefer graded homework over quizzes.