I have a basic puzzlement about this whole war over strong crypto and key escrow. I admit to being relatively crypto unsavvy, but with a strong (but not avid) interest in the subject. Schneier sits on my bookshelf, and I have cracked it a few times, but the prospect of studying it seriously makes me feel slightly gut-sick. I use PGP to communicate (presumably) strong-cryptoed messages to my stepson Ray Hirschfeld in Amsterdam, and vice versa. He uses an internationational version of PGP, and I use the domestic version that I got from MIT. They seem to be compatible. I don't intend to submit my present or future private PGP keys for key escrow (Is that what's called GAK?). To protect myself against forgetting my private key (which has happened once already) I'll no doubt some day put it on a floppy and put the floppy in my bank safe deposit box. Two questions: 1. Does anyone think that legislation might be passed which would criminalize my communications with Ray? 2. Suppose someone writes a program Z that has no expicit crypto code in it, but has hooks for installing one or another version of PGP. Given a copy of Z, someone in this country could install PGP he got from MIT, whereas someone in Europe could install the international version. Would export of Z violate ITAR restrictions? Rollo Silver / Amygdala | e-mail: rollo@artvark.com 216M N. Pueblo Rd, #107 | Website: http://www.artvark.com/artvark/ Taos, NM 87571 USA | Voice: 505-751-9601; FAX: 505-751-7507