Subject: Re: export controls
To: Todd Vierling <tv@pobox.com>
From: None <itojun@iijlab.net>
List: tech-net
Date: 06/23/1999 22:47:19
>: Please let me know your opinion about IPsec export issue.
>Before importing crypto code into the *kernel*, it needs to be separated
>into IPsec and non-IPsec code, with the former in a segregated tree.
Could you please let me know in more detail what you think?
At this moment my plan is to put the export-controlled code into
crypto-{intl,us}/sys/somewhere,6}, and the non-controlled part into
syssrc/sys/netinet{,6}.
For binaries, you can decrease/increase the footprint with "options IPSEC"
and "options IPSEC_ESP".
	with no options:		no IPsec in the kernel binary
	options IPSEC:			AH, IPComp, policy, key database
	options IPSEC + IPSEC_ESP:	above + ESP
>This doesn't break IPv6 compliance for distributions that carry the IPsec
>code, and also allows crypto-restricted places (which can even be
>organizations, not just countries) to carry a crypto-less tree.
I believed that crypto-{intl,us} was made for that.
itojun