>> it is the only transport protection which is actually used. ipsec >> is not, to my knowledge. > Do you mean RFC 2385? The same option I'm writing an RFC deprecating, > because this doesn't seem to conform to the environment we're declaring > appropriate for it? yes, i mean 2385. it is what folk use today. and it's about all we have. and, imiho, it is not used widely enough. randy