On Wed, 22 Mar 2000, Jim Tiller wrote: > Should the public key (cert or key its self, preferably), that is used > for the encryption by the initiator, be hashed and included in the third > message? That is, extend the wording slightly so that if there is no cert, the hash is on the key itself, and make it mandatory? Makes sense to me. Henry Spencer henry@spsystems.net