The distribution of cryptographic keys in a computer network is discussed. The need for current authentication of communicants to prevent playback attacks is demonstrated, and an earlier protocol [Needham-Schroeder] is found to be subject to such attacks. A protocol which employs a simple means of obtaining current authentication of communicants and does not require communicants to maintain an absolute sense of time is presented. The protocol is expanded to accommodate key distribution between multiple security communities, where each community is administered by a different authentication server. Another form of the protocol which is appropriate for datagram applications is developed.