Does the use of port numbers to distinguish key-management messages from data messages work if the underlying transport mechanism is ATM? What is the right mechanism there? I tend to prefer solutions based on tagging the messages as to type, rather than counting on the available of secondary channels... Ron Rivest