Subject: Re: /etc/ipsec.conf permissions
To: Curt Sampson <cjs@cynic.net>
From: None <itojun@iijlab.net>
List: tech-security
Date: 04/15/2003 19:27:19
>> >I'm not sure if racoon.conf should be "mode=0644", or "mode=0600 tags=nodiff"
>> 	i guess 644 is ok.
>Could racoon be set up in a weak manner, such that knowing how it was
>improperly set would help an attacker? If so, perhaps we should not expose
>this information, to make the attack a bit harder.

	the only "weak manner" config i can think of (in racoon.conf) is the
	use of aggressive mode.  no big deal.

itojun
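
The check discussed in this thread, as an added example that is not part of the original message: it reports the permission bits of a racoon.conf and lists the `remote` blocks whose `exchange_mode` includes aggressive mode. The function names and the sample configuration are constructed for illustration, and `#` is assumed never to appear inside a quoted string.

```python
import os
import re
import stat
import sys

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
remote 192.0.2.10 {
    exchange_mode aggressive,main;
    proposal {
        encryption_algorithm 3des;
        authentication_method pre_shared_key;
    }
}
remote anonymous {
    # exchange_mode aggressive;   (commented out, must be ignored)
    exchange_mode main;
}
"""

def aggressive_remotes(conf_text):
    """Return [(peer, [modes])] for remote blocks that allow aggressive mode."""
    text = re.sub(r"#[^\n]*", "", conf_text)          # drop comments
    hits = []
    for m in re.finditer(r"\bremote\s+([^\s{]+)[^{;]*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:                # find matching brace,
            depth += {"{": 1, "}": -1}.get(text[i], 0)  # skipping nested blocks
            i += 1
        for em in re.finditer(r"\bexchange_mode\s+([^;]+);", text[m.end():i]):
            modes = [x.strip() for x in em.group(1).split(",")]
            if "aggressive" in modes:
                hits.append((m.group(1), modes))
    return hits

def audit(path):
    """Report permission bits and aggressive-mode peers for one config file."""
    st = os.stat(path)
    with open(path) as fh:
        text = fh.read()
    return {"mode": oct(stat.S_IMODE(st.st_mode)),
            "world_readable": bool(st.st_mode & stat.S_IROTH),
            "aggressive": aggressive_remotes(text)}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(audit(sys.argv[1]))                     # path given by the caller
    else:
        print(aggressive_remotes(SAMPLE_CONF))        # run on the sample
```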