Um, some application programs will do multiple host transactions, 
possibly (probably) with different security constraints for each 
host. To use your example:

	% secure telnet peer

What about the DNS transaction to get the IP address of "peer"?

I recognize that you're trying to make IPsecurity useful without 
requiring a wholesale change to every IP-speaking application, but 
I'm not sure that's really possible...

	just thinking out loud,

	Erik <fair@clock.org>