I would prefer that the SASL EXTERNAL mechanism be used to pick up the IPSEC credentials to the LDAP level, rather than a new protocol field. Mark Wahl, Directory Architect, Service Provider/Infrastructure Innosoft, part of Sun Microsystems, Inc.'s iPlanet alliance