In message <x73e4x1zeg.fsf@dailyplanet.wsrcc.com>, you write:
>As a foot-in-the-door would it be possible to supply ipsec minus the
>crypto?  Eg. deliver authentication options but no privacy options.
>
>I assume that a good ipsec implementation is already table-driven with
>different ipsec options dispatching to indirect functions that do the
>real work.

  It depends dramatically on how the implementation was done. Our new code
(about to be released, not what was recently released) has all these things as
severable modules with a well-defined interface... just in case someone wanted
to reimplement the IPsec and crypto modules but keep all the more difficult to
build pieces of the puzzle (key management, policy, API, etc.).

									-Craig