Hilarie: >For HMAC vs. hash, IKE uses HMAC to its advantage in authentication, >and that shouldn't be changed; it seems immaterial whether or not it >uses it for key derivation. I never proposed moving away from HMAC for authentication. This thread started because I observed that the requirements for key derivation and authentication are different. Russ