Scott, The use of AES in IPsec needs to be addressed in both ESP and IKE. I think we can move ahead with an AES-based CBC mode easily for IKE and ESP. For a counter mode, Steve Bellovin made a good suggestion at the last meeting, i.e., let's wait to see what NIST adopts. Steve