In the discussions about people sniffing the net and the need for encrypted telnets, one problem that has come up is the ITAR hassles that make exporting Kerberos politically incorrect, though John Gilmore has gotten them to admit that the Kerberos bones is none of their businesss :-) However, is Diffie-Hellman exportable? After all, it's not crypto, it's *just* key exchange, and people can plug in their own triple-DES from the usual sources. It looks to me like it's probably legal, though if you were to then transmit the password by XORing with the login key or some such probably-unsafe behaviour it might not be. I had heard somebody say there would be an updated RSAREF version including Diffie-Hellman key exchange, though it's not in the package I just ftp'd from rsa.com. Is this correct, and is there a planned release date? Thanks; Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465