> Simple question: what's the recommended method of initializing an IPSec
> connection between hosts without always using the same pre-shared key?

By using X.509 certificates instead of pre-shared secrets.  See

	http://www.kame.net/newsletter/20001119b

for a guide.

David S.