Unfortunately, Diffie-Hellman *is* patented, and I'm pretty sure Public Key Partners (closely related to RSA) holds the patent, just as they hold RSA's. To quote Steve Bellovin:

    U.S. Patent Number: 4200770
    Title: Cryptographic Apparatus and Method
    Inventors: Hellman, Diffie, Merkle
    Assignee: Stanford University
    Filed: September 6, 1977
    Granted: April 29, 1980
    [Expires: April 28, 1997]

So we're stuck with it being patented until 1997.

Too bad - I was starting to think along the same lines about doing a D-H-based mailer. It's non-trivial, if you have to worry about active eavesdroppers swapping mail messages on you, and it's easier to do if there's a trusted Key Distribution Center, and if you think about all the cases carefully you tend to re-create either Needham-Schroeder or the Everhart-Osborn Bell Labs patent (~1980++), but you can certainly do it for the common case that says the Bad Guys are only listening to your mail and not tampering with it.

Bill Stewart, wcs@anchor.ho.att.com