>Um, some application programs will do multiple host transactions, 
>possibly (probably) with different security constraints for each 
>host. To use your example:
>	% secure telnet peer
>What about the DNS transaction to get the IP address of "peer"?
>I recognize that you're trying to make IPsecurity useful without 
>requiring a wholesale change to every IP-speaking application, but 
>I'm not sure that's really possible...
>	just thinking out loud,

	you right.  i will need some trick to allow DNS lookups to go out
	without ipsec...

itojun