Please let me know your opinion about IPsec export issue.

	I will soon be committing KAME IPv6/IPsec code into the tree.
	(IPv6 part will be superseded by unified-ipv6 when unified-ipv6
	becomes ready).  One thing annoys me is IPsec part and US export
	control issues.  I would like to know which part in the kernel
	is okay to go into base tree, and which part must be in
	crypto-{intl,us} tree.
	My current understanding, from seeing what others do, is as follows.

	Subject to export control:
	- ESP header handling code
		sys/netinet6/esp*
	- crypto algorithm code (DES, RC5, CAST128, whatever)
		sys/crypto/*,
	- IKE (ISAKMP) key exchange code
	Not subject to export control:
	- checksum algorithm (MD5 or SHA1: they are already in sys/lib/libkern)
	- AH, IPComp header handling code
		sys/netinet6/{ah,ipcomp}*
	- kernel key database part
		sys/netkey/*
	- IPsec policy control
		sys/netinet6/ipsec*

	In the following URL, you can see KAME cvs repository.  Files marked
	with "ipsec_esp" are, from my undestanding, the files that are
	subject to export control.
	http://www2.kame.net/dev/cvsweb.cgi/sys/conf/files?cvsroot=kame-netbsd
	Each of the files can be checked by clicking through the tree.

	Could anyone check if I'm correct about this?  I need to be sure
	about this before committing something...

itojun