Subject: ipsec for privacy with random hosts
To: None <netbsd-users@netbsd.org>
From: Wolfgang Rupprecht <wolfgang+gnus20011014T130324@wsrcc.com>
List: netbsd-users
Date: 10/14/2001 13:16:24

Can NetBSD's ipsec along with isakmpd or racoon be used for privacy
with random remote hosts? Older user-land protocols like ssh will
allow two hosts that have never communicated and have no shared
secrets to establish a secure connection. (Well, with the one proviso
that one can't really guard against a man-in-the-middle attack.) Can
NetBSD's ipsec be set up in a similar fashion? It would be really nice
if all incoming and outgoing IP connections would go via some secured
method and only fall back to non-ipsec methods if the other side
declined the isakmp negotiations. Is this possible?
-wolfgang
--
Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/