is nonexistent. That is, as I understand it, the algorithm for creating/exchanging the session key that is negotiated at the beginning of each call is *not* built into the chip or the standard. Am I correct? Mrs. Denning has conspicuously evaded this issue only by saying that the keys can be exchanged via Diffie-Hellman or RSA. The point is, the phone hardware designer/integrator must use an additional circuit. Isn't this a serious potential defect of the chip? Isn't it amazing that the design neglects the issue completely? Wouldn't the ideal (or even `usable'?) chip have this built in? If RSA refused to grant support to people using the algorithm for this purpose, it could have tremendous effect in helping vanquish it... What will be their commitment in this area? Is Mr. Bidzos annoyed about the Clipper chip as a veiled revocation of American rights or as a lucrative opportunity, denied at first, but not later, to get a tasty piece of the wiretapping pie? It seems to me that Mr. Bidzos has a critically pivotal decision to make, and to make clear. Or has it been made already, by someone else? If somebody comes out with a neat chip that interfaces to the Clipper *really soon* that has been *totally approved* by RSA for clipper key negotiation, I'd be a bit suspicious.... Can anybody clear this up? Exactly what parts of session key exchange/ negotiation/ generation are handled by the chip, and which aren't? There is not even specific information in Denning's statements about when all this (including the All-American Privacy-Protecting Law Enforcement Block, ug!) is transmitted (at the beginning of the call, presumably). Why hasn't there been more inquiry into this? Is the key fed to the chip by other circuitry? That would seem to be the case. The chip appears to be just a low level encryption device, not something high-level that worries about key manipulation and trading. Hence, there may be widely varying approaches to implementing key exchange. Not much of a `standard' that leaves unspecified something so basic. Notice however that the wiretapper does not care, because this is not involved in the decryption; the crucial data for them is that the serial number and family codes be correct for the chip. So, these aspects are hardwired.