Russ's third point is: I believe that the 1st paragraph of section 8.4 needs further explanation. A security association is identified by a triple consisting of a Security Parameter Index (SPI), an IP Destination Address, and a security protocol identifier (either AH or ESP). So, manual key management involves a bit more than inserting the same cryptographic key in communicating peers. This document should not specify how that is done, but it should indicate that it needs to be done.
Suggested text to add: An implementation MUST support the manual configuration of the security key and SPI. The SPI configuration is needed in order to delineate between multiple keys. John -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------