> One of the reasons various user authentication schemes have not been > considered (CRACK for instance) is the moratorium on changes to IKE. > Unfortunately the IPSRA WG is very dependent on IKE. The IPSRA WG is not at all dependant on IKE; it's really all about protocols to turn legacy authentication into certificates.. - Bill