> I find there are some overlaps between SAD and SPD, so can we
> have one database instead of two? If we cannot, what are the
> benefits of keeping two kinds of database in the system?

I don't see any overlap. If there is, it may be an artifact of some implementations, which mix the policy and key negotiation (like IKE does).