> > A key database where you could share ssh host keys with ipsec would
> > be good too.  
> The professional paranoid in me worries that reusing the same key for
> both purposes might have unexpected consequences..

I figured I must have misunderstood because I don't see why one would
want to share a single per-host key between different algorithms
either.

Let's say SSH puts its public key for host X into /etc/big-file-o-keys.  
Now if ipsec were to use that same host key for DES it would be using
what for all purposes was a disclosed key.  Not good.

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/