Subject: Diffie-Hellman

Since there's no perceived value and since all the software would require license from RSADSI, it won't happen that way.

It was not my understanding that RSA held any patents, copyrights or other controls over Diffie-Hellman key exchange. The 'big-number' math required is not difficult and is fully documented in Knuth's "The Art of Computer Programming", vol2: Seminumerical Algorithms; section 4.3: Multiple Precision Arithmetic. Also note that this multiple precision code is available in the PGP source in the file mpilib.c. The exchanged key could easily be a DES (or other fast symmetric cypher) key -- and usually is. Unless you want to perform an authenticated key exchange with Diffie-Hellman as described in "Authentication and Authenticated Key Exchanges" [Diffie, Van Oorschot and Wiener in "Designs, Codes and Cryptography", 2, 107-125 (1992)] using certificates signed with the RSA algorithm, then RSA doesn't have to enter the picture at all. Is my understanding of RSAs controls incorrect?