> So, you wouldn't consider PF_KEY to be a standard API for use with IPsec? > I don't like it much personally, as it isn't as flexible as RFC 2401 would > allow an API to be, but still, it is there.... PF_KEY is not a policy API. It's an API for managing the SADB; as such, it's useful only to the (very limited) set of people writing key management implementations.. - Bill