Subject: RFC2385 (TCP MD5 signatures) working with patch!
To: None <tech-net@netbsd.org>
From: Jeff Rizzo <riz@redcrowgroup.com>
List: tech-net
Date: 06/25/2004 16:10:41
I'm happy to report that I managed to find the problems in the 
TCP_SIGNATURE code that were causing my machine to crash, and
with the patches in kern/26062 applied to the NetBSD kernel, and
Bruce M. Simpson's patches to quagga 0.96.4 applied, I am able to
peer quagga's bgpd running on NetBSD-2.0F with a Cisco, using
password-protected sessions.

The only directly-RFC2385 related problem is that the tcp_signature()
function is including the TCP options in the MD5 hash, which violates
the spec and makes interoperability impossible.

With the patch, it works with either FAST_IPSEC or KAME IPSEC code.

My test kernel config looks like this:

include "arch/i386/conf/GENERIC.MP"

options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options TCP_SIGNATURE

options DEBUG
makeoptions     DEBUG="-g"

I would greatly appreciate it if someone with more knowledge than
me could look over the patch and let me know how it could be improved...

Thanks,
+j

-- 
Jeff Rizzo                                         http://www.redcrowgroup.com/
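As an added illustration of the spec point in the message above, not code from the post, from NetBSD or from quagga, the following Python computes the RFC 2385 digest the way the RFC lays it out (IPv4 pseudo-header, fixed 20-byte TCP header with checksum zeroed, segment data, key) and skips the option bytes. The `include_options` flag reproduces the deviation described above, so you can see that a peer hashing to spec cannot agree with such a digest on any segment that carries options, which a BGP SYN always does. Addresses, ports, the MSS value and the key are constructed; treating the key as the raw bytes of the configured password is an assumption, as is the zero-byte padding of the option list.

```python
"""RFC 2385 TCP MD5 signature option: what the digest covers (added example)."""
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6
TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_MSS = 2
TCPOPT_MD5 = 19          # kind of the MD5 signature option (RFC 2385)
TCPOLEN_MD5 = 18         # kind + length + 16-byte digest

# Constructed sample values; not taken from any real session.
SRC_IP, DST_IP = "192.0.2.1", "192.0.2.2"
KEY = b"bgp-secret"      # assumed: the configured password, used as raw key bytes


def pseudo_header(src_ip, dst_ip, segment_len):
    """IPv4 pseudo-header in the order RFC 2385 lists it: src, dst, zero, proto, TCP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, TCP_PROTO, segment_len))


def rfc2385_digest(src_ip, dst_ip, segment, key, include_options=False):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed), data, key.

    Option bytes are skipped, as the RFC requires.  include_options=True feeds
    them in as well, which is the kind of deviation the post describes; a peer
    hashing to spec will never agree with such a digest when options are present.
    """
    doff = (segment[12] >> 4) * 4           # header length including options
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"              # checksum assumed zero
    options = segment[20:doff]
    data = segment[doff:]
    m = hashlib.md5()
    m.update(pseudo_header(src_ip, dst_ip, len(segment)))
    m.update(bytes(fixed))
    if include_options:
        m.update(options)
    m.update(data)
    m.update(key)
    return m.digest()


def build_segment(sport, dport, seq, ack, flags, window, options, data):
    """Assemble a TCP segment; options are padded with EOL bytes to a 4-byte boundary."""
    options += b"\x00" * ((-len(options)) % 4)
    doff = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        doff << 4, flags, window, 0, 0)
    return fixed + options + data


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                 other_options, data, key):
    """Sender side: reserve a kind-19 option, compute the digest, write it in."""
    placeholder = bytes([TCPOPT_MD5, TCPOLEN_MD5]) + b"\x00" * 16
    seg = bytearray(build_segment(sport, dport, seq, ack, flags, window,
                                  other_options + placeholder, data))
    pos = 20 + len(other_options)           # offset of the placeholder option
    seg[pos + 2:pos + TCPOLEN_MD5] = rfc2385_digest(src_ip, dst_ip, bytes(seg), key)
    return bytes(seg)


def find_md5_option(segment):
    """Walk the option list; return the 16-byte digest of a kind-19 option, else None."""
    doff = (segment[12] >> 4) * 4
    opts = segment[20:doff]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            break                           # truncated option
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                           # malformed length; stop parsing
        if kind == TCPOPT_MD5 and length == TCPOLEN_MD5:
            return bytes(opts[i + 2:i + TCPOLEN_MD5])
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, key, include_options=False):
    """Receiver side: the option must be present and match the recomputed digest."""
    received = find_md5_option(segment)
    if received is None:
        return False                        # unsigned segment on a signed session
    expected = rfc2385_digest(src_ip, dst_ip, segment, key, include_options)
    return hmac.compare_digest(received, expected)


def example_syn():
    """A signed SYN of the kind a BGP speaker sends, carrying an MSS option as well."""
    mss = struct.pack("!BBH", TCPOPT_MSS, 4, 1460)
    return sign_segment(SRC_IP, DST_IP, 49152, 179, 0x10000000, 0,
                        0x02, 65535, mss, b"", KEY)


if __name__ == "__main__":
    seg = example_syn()
    print("digest per RFC 2385 :", rfc2385_digest(SRC_IP, DST_IP, seg, KEY).hex())
    print("digest with options :", rfc2385_digest(SRC_IP, DST_IP, seg, KEY, True).hex())
    print("verifies to spec    :", verify_segment(SRC_IP, DST_IP, seg, KEY))
    print("buggy receiver      :", verify_segment(SRC_IP, DST_IP, seg, KEY, True))
```

Note that the MD5 option itself sits in the option area, so a sender can compute the digest with the 16 digest bytes still zero and the receiver can recompute it with them filled in; both get the same value only because options are excluded from the hash. Hashing the options would make that round trip impossible even between two copies of the same deviating implementation.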