Well, I've gotten a few hundred pages into Applied Crypoto, and am now educated enough to realize what the things are that I don't know. One question I have is regarding how protocols for realtime communications work, like say a encrypted voice conversation. I know there are such things,such as Clipper, but I assume Clipper/skipjack is atypical in many ways. But maybe I'm wrong. Anyhow, I'd guess that in such applications, a random one-time session key is generated for a symmetric encryption method. Is this correct? If so, how is this key distributed to both participants? You could use public-key cryptography in some way to distribute the session key, similar to what DES does, but then how do you distribute the public keys so as to avoid a man in the middle attack? Ideally, you want to pick up your crypto-phone, initiate a call to another crypto-phone which you've never called before, and which was possibly manufactured yesterday, and be able to exchange keys with it in a secure fashion. But I can't think of any way to do this, without opening yourself up to a man in the middle attack. How does clipper solve this problem? How do other potential realtime protocols? Or do they just ignore it, and assume that it's going to be too hard to do a succesful man-in-the-middle attack quickly enough for a realtime conversation? That would seem to me to be a dangerous assumption. I'd appreciate it if anyone could help me out.