There are a few daemons in base that make a point of zeroing all data read from PF_KEY sockets. However, Benjamin Baier and I have looked into it a litle (RFC 2367 et al.) and it seems that this may only be metadata. To those with PF_KEY experience: is it worth zeroing?
