In message <3815F49E.BFABF7C9@cisco.com>, Roy Pereira writes: > > Let me ask everyone who is interested; How do we support existing > legacy user authentication within IKE without using a PKI ? With a protocol that lets the customer download an encrypted private key/ certificate pair from a server, followed by ordinary IKE. --Steve Bellovin