Key-exchange protocols are probably the most widely implemented and used cryptographic protocols to date. Practically any known secure communication protocol (including SSL, TLS, IPSEC, SSH) uses key-exchange in an essential way. Still, the design and analysis of key-exchange protocols remains a challenging task, where one of the main challenges is to find sound ways to tell whether a given protocol is "secure". We review some common requirements from key-exchange, as well as some designs and attacks. (We will give special emphasis to IPSEC and the IKE, SIGMA and JFK protocols.) We then discuss some methodologies for the cryptographic analysis of key-exchange protocols, as well as analyses of some specific prtocols. The talk will be mainly introductory in nature. No prior expertise in cryptography is assumed.