> This kind of support SHOULD NOT be delegated to the application layer. > There are HUGE efficency and code-maintability gains to be had by > offering this kind of policy management at the IPSEC layer. Not to mention the realization of universal, interoperable authentication/authorization implementations. Gary Flynn Network Analyst James Madison University