Aside from the technical differences between the two packages, I think the more significant difference is in the distribution. Edgar's 1.2 documentation encourages users to put the package up for FTP, while Mike's 1.0 (and, I presume, 1.1) docs ask that this not be done. Mike wants to protect himself against a PGP-style investigation into export of software. But if 1.2 is put up for FTP, it could conceivably lead to such an investigation. And Mike would presumably be a potential target. This is a confusing situation. What rights does Mike have to control a derivative product like 1.2, given that he is releasing it under the Gnu Public License? Maybe the GPL is not appropriate for the release of crypto software, at least if the author will attempt to restrict its distribution in this way. I don't blame Mike for his concern, but I think we need to recognize an inconsistency between the following three goals, for U.S. citizens at least: public recognition as the author of a crypto package; avoidance of Grand Jury investigations; free availability of the package in the U.S. Hal