Tim may is starting to sound like a Suit. :-) I agree strongly that we need RSA on our side, not against us. I don't know the history of the animosity between Jim B and Phil Z, but I think it is time to say that water is over the dam. Several folks have suggested here, and in the usual feeds, that it wouldn't appear to be all that hard to take RSAREF and use it as the key exchange engine for a US-legal PGP. Or even to take the PGP source and use it as an enhanced RSAREF. I haven't looked at either source, but I have to believe that someone on the list has. Is there a technical reason why this can't be done? Is there some hidden political reason that it can't be done? The readers of this list are hardcore and facile with techninology. To get the widespread support we need kill the wiretap chip, we need to get "easy to use" strong cryptography into the mass market. I'm writing a Windows-based POP client designed for folks that can't spell SLIP. It should have strong encryption invisibly and automatically. It won't until there is a legal encryption engine with at least the key management of PGP. Pat Pat Farrell Grad Student pfarrell@cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include <standard.disclaimer>