How about WWW one time pad servers? You browse to your favorite OTP server, which has a random number generator running in the background. You tell it to give you a block of X bytes, and mail it to persons 1, 2, 3, ... N. These people then use this OTP for encrypting a document. It wouldn't be illegal because you aren't encoding any data and distributing it.. You're generating raw data. You wouldn't have to distribute any crypto software, you just xor your data file with the number of bytes that you were sent in the mail from the OTP server.. Enough of these things would be REALLY tough to monitor.. Plus, you could connect 8 different times and just pick one of the sets.. Or you could just use a portion of the set that you and the receiving party agreed upon. Or, instead of using email, you could have a application/x-otp browser that would collect the OTP that the server sent out to you over HTTP. (this would be really hard to differentiate from other data if the server was doing other things at the same time). Thoughts? Doug Hughes Engineering Network Services doug@eng.auburn.edu Auburn University