diff --git a/Source/charon/Makefile b/Source/charon/Makefile
index a726bba8e..88928d2d8 100644
--- a/Source/charon/Makefile
+++ b/Source/charon/Makefile
@@ -18,10 +18,7 @@ MAIN_DIR= ./
 LDFLAGS= -lgmp -lpthread
-CFLAGS+= -Wall \
- -DLEAK_DETECTIVE \
- -I. \
- -g #-Werror
+CFLAGS+= -Wall -I. -g -DLEAK_DETECTIVE
 # objects is extended by each included Makefile
 OBJS=
diff --git a/Source/charon/sa/child_sa.c b/Source/charon/sa/child_sa.c
index 8571ad055..c18b760f2 100644
--- a/Source/charon/sa/child_sa.c
+++ b/Source/charon/sa/child_sa.c
@@ -24,6 +24,8 @@
 #include
+#include
+
 typedef struct private_child_sa_t private_child_sa_t;
@@ -37,9 +39,14 @@ struct private_child_sa_t {
 child_sa_t public;
 /**
- * Type of this child sa, ESP or AH.
+ * CHILD_SAs own logger
 */
- protocol_id_t sa_type;
+ logger_t *logger;
+
+ /**
+ * Protocols used in this SA
+ */
+ protocol_id_t protocols[2];
 };
@@ -56,22 +63,61 @@ static u_int32_t get_spi(private_child_sa_t *this)
 */
 static void destroy(private_child_sa_t *this)
 {
+ charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
 allocator_free(this);
 }
 /*
 * Described in header.
 */
-child_sa_t * child_sa_create(protocol_id_t sa_type, prf_plus_t *prf_plus)
+child_sa_t * child_sa_create(child_proposal_t *proposal, prf_plus_t *prf_plus)
 {
 private_child_sa_t *this = allocator_alloc_thing(private_child_sa_t);
+ u_int i;
 /* public functions */
 this->public.get_spi = (u_int32_t(*)(child_sa_t*))get_spi;
 this->public.destroy = (void(*)(child_sa_t*))destroy;
 /* private data */
- this->sa_type = sa_type;
+ this->logger = charon->logger_manager->create_logger(charon->logger_manager, CHILD_SA, NULL);
+ proposal->get_protocols(proposal, this->protocols);
+
+ /* derive keys */
+ for (i = 0; i<2; i++)
+ {
+ if (this->protocols[i] != UNDEFINED_PROTOCOL_ID)
+ {
+ algorithm_t *algo;
+ chunk_t key;
+
+ /* get encryption key */
+ if (proposal->get_algorithm(proposal, this->protocols[i], ENCRYPTION_ALGORITHM, &algo))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s, ",
+ mapping_find(protocol_id_m, this->protocols[i]),
+ mapping_find(transform_type_m, ENCRYPTION_ALGORITHM),
+ mapping_find(encryption_algorithm_m, algo->algorithm));
+
+ prf_plus->allocate_bytes(prf_plus, algo->key_size, &key);
+ this->logger->log_chunk(this->logger, PRIVATE, "key:", &key);
+ allocator_free_chunk(&key);
+ }
+
+ /* get integrity key */
+ if (proposal->get_algorithm(proposal, this->protocols[i], INTEGRITY_ALGORITHM, &algo))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s,",
+ mapping_find(protocol_id_m, this->protocols[i]),
+ mapping_find(transform_type_m, INTEGRITY_ALGORITHM),
+ mapping_find(integrity_algorithm_m, algo->algorithm));
+
+ prf_plus->allocate_bytes(prf_plus, algo->key_size, &key);
+ this->logger->log_chunk(this->logger, PRIVATE, "key:", &key);
+ allocator_free_chunk(&key);
+ }
+ }
+ }
 return (&this->public);
 }
diff --git a/Source/charon/sa/child_sa.h b/Source/charon/sa/child_sa.h
index 7c2e5a399..8a7462594 100644
--- a/Source/charon/sa/child_sa.h
+++ b/Source/charon/sa/child_sa.h
@@ -33,7 +33,6 @@ typedef struct child_sa_t child_sa_t;
 /**
 * @brief Represents a CHILD_SA between to hosts.
 *
- * An IKE_SA must already be established.
 *
 * @b Constructors:
 * - child_sa_create
@@ -68,16 +67,6 @@ struct child_sa_t {
 * @return child_sa_t object
 * @ingroup sa
 */
-child_sa_t * child_sa_create(protocol_id_t protocol_id, prf_plus_t *prf_plus);
-
-/**
- * @brief Constructor to create a new CHILD_SA.
- *
- * @param protocol_id protocol id (AH or ESP) of CHILD_SA
- * @param prf_plus prf_plus_t object use to derive shared secrets
- * @return child_sa_t object
- * @ingroup sa
- */
-child_sa_t * child_sa_create_with_spi(protocol_id_t protocol_id, prf_plus_t *prf_plus);
+child_sa_t * child_sa_create(child_proposal_t *proposal, prf_plus_t *prf_plus);
 #endif /*_CHILD_SA_H_*/
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index 743166ddb..60369ba28 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 typedef struct private_ike_auth_requested_t private_ike_auth_requested_t;
@@ -327,7 +328,9 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
 {
 child_proposal_t *proposal, *proposal_tmp;
 linked_list_t *proposal_list;
- protocol_id_t proto;
+ child_sa_t *child_sa;
+ chunk_t seed;
+ prf_plus_t *prf_plus;
 /* get his selected proposal */
 proposal_list = sa_payload->get_child_proposals(sa_payload);
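Review bot: The CHILD_SA keys taken from prf_plus are written to the log by the two `this->logger->log_chunk(this->logger, PRIVATE, "key:", &key);` lines, and the `case CHILD_SA:` added to create_logger in logger_manager.c sets `LEVEL1|PRIVATE` by default, so a stock build dumps IPsec key material into syslog or the output file; log only the size, e.g. `this->logger->log(this->logger, CONTROL|LEVEL1, "derived %d byte key", key.len);`, or keep the dump behind a level that is off by default. The buffer then goes to `allocator_free_chunk(&key);` without being cleared; wipe it first (a plain `memset(key.ptr, 0, key.len);` before free may be elided by the compiler, so prefer a non-elidable clear if the allocator layer offers one). Each algorithm takes a single `algo->key_size` read from prf_plus; if this is meant to follow the RFC 4306 KEYMAT layout, the reverse-direction keys are never taken, and the `/* derive keys */` comment should say the keys are currently derived and discarded. The trailing `, ` in the encryption message and `,` in the integrity message look like leftovers from the removed `(keysize: %d)` format.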
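Review bot: The prototype now takes `child_proposal_t *proposal`, but the Doxygen block directly above this hunk (outside it) presumably still carries the `@param protocol_id` line from the old signature; it should read `@param proposal child_proposal_t with the selected protocols and algorithms` so the header matches child_sa.c. Dropping `An IKE_SA must already be established.` in the first hunk leaves two consecutive bare ` *` lines in the class comment; one of them can go as well.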
@@ -366,27 +369,18 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
 this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not offered proposal. Deleting IKE_SA");
 return DELETE_ME;
 }
- this->logger->log(this->logger, CONTROL|LEVEL1, "selected proposals:");
- for (proto = AH; proto <= ESP; proto++)
- {
- transform_type_t types[] = {ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, DIFFIE_HELLMAN_GROUP, EXTENDED_SEQUENCE_NUMBERS};
- mapping_t *mappings[] = {encryption_algorithm_m, integrity_algorithm_m, diffie_hellman_group_m, extended_sequence_numbers_m};
- algorithm_t *algo;
- int i;
- for (i = 0; iget_algorithm(proposal, proto, types[i], &algo))
- {
- this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s (keysize: %d)",
- mapping_find(protocol_id_m, proto),
- mapping_find(transform_type_m, types[i]),
- mapping_find(mappings[i], algo->algorithm),
- algo->key_size);
- }
- }
- }
+
+ /* install child SAs for AH and esp */
+ seed = allocator_alloc_as_chunk(this->sent_nonce.len + this->received_nonce.len);
+ memcpy(seed.ptr, this->sent_nonce.ptr, this->sent_nonce.len);
+ memcpy(seed.ptr + this->sent_nonce.len, this->received_nonce.ptr, this->received_nonce.len);
+ prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed);
+ allocator_free_chunk(&seed);
+
+ child_sa = child_sa_create(proposal, prf_plus);
+ prf_plus->destroy(prf_plus);
+ child_sa->destroy(child_sa);
- /* TODO: Proposal? child_sa */
 proposal->destroy(proposal);
 return SUCCESS;
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 848d27db7..2c21992e6 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -25,6 +25,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
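Review bot: `child_sa` is created and destroyed on the very next line, so the new block under `/* install child SAs for AH and esp */` installs nothing; either keep the object on the state or the IKE_SA, or change the comment to say the SA is derived and discarded for now, so that the removed `/* TODO: Proposal? child_sa */` reminder is not lost. `allocator_free_chunk(&seed);` runs immediately after `prf_plus_create(...)`, which is only safe if prf_plus_create copies the seed rather than keeping the pointer — confirm against prf_plus.c. The same seed construction is repeated in build_sa_payload in ike_sa_init_responded.c with the two nonces swapped to keep Ni|Nr order; a small helper that builds the seed from initiator and responder nonces would keep the two from drifting. process_sa_payload starts outside the hunk.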
@@ -389,7 +390,9 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
 child_proposal_t *proposal, *proposal_tmp;
 linked_list_t *proposal_list;
 sa_payload_t *sa_response;
- protocol_id_t proto;
+ child_sa_t *child_sa;
+ prf_plus_t *prf_plus;
+ chunk_t seed;
 /* TODO: child sa stuff */
@@ -421,51 +424,23 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
 this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
 return DELETE_ME;
 }
- for (proto = AH; proto <= ESP; proto++)
- {
- transform_type_t types[] = {ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, DIFFIE_HELLMAN_GROUP, EXTENDED_SEQUENCE_NUMBERS};
- mapping_t *mappings[] = {encryption_algorithm_m, integrity_algorithm_m, diffie_hellman_group_m, extended_sequence_numbers_m};
- algorithm_t *algo;
- int i;
- for (i = 0; iget_algorithm(proposal, proto, types[i], &algo))
- {
- this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s (keysize: %d)",
- mapping_find(protocol_id_m, proto),
- mapping_find(transform_type_m, types[i]),
- mapping_find(mappings[i], algo->algorithm),
- algo->key_size);
- }
- }
- }
 /* create payload with selected propsal */
 sa_response = sa_payload_create_from_child_proposal(proposal);
 response->add_payload(response, (payload_t*)sa_response);
- proposal->destroy(proposal);
 /* install child SAs for AH and esp */
-// algorithm_t *encr, *integ;
-// char enc_key_buffer[] = "123";
-// chunk_t enc_key = {ptr: enc_key_buffer, len: 4};
-// char int_key_buffer[] = "345";
-// chunk_t int_key = {ptr: int_key_buffer, len: 4};
-// proposal->get_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, &encr);
-// proposal->get_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, &integ);
-//
-// charon->kernel_interface->add_sa(charon->kernel_interface,
-// this->ike_sa->get_my_host(this->ike_sa),
-// this->ike_sa->get_other_host(this->ike_sa),
-// proposal->get_spi(proposal, AH),
-// AH,
-// TRUE,
-// encr->algorithm, encr->key_size, enc_key,
-// integ->algorithm, integ->key_size, int_key,
-// TRUE);
-//
-// POS;
+ seed = allocator_alloc_as_chunk(this->received_nonce.len + this->sent_nonce.len);
+ memcpy(seed.ptr, this->received_nonce.ptr, this->received_nonce.len);
+ memcpy(seed.ptr + this->received_nonce.len, this->sent_nonce.ptr,
this->sent_nonce.len);
+ prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed);
+ allocator_free_chunk(&seed);
+ child_sa = child_sa_create(proposal, prf_plus);
+ prf_plus->destroy(prf_plus);
+ child_sa->destroy(child_sa);
+
+ proposal->destroy(proposal);
 return SUCCESS;
 }
diff --git a/Source/charon/utils/logger.c b/Source/charon/utils/logger.c
index 748a76568..6b1a91d8b 100644
--- a/Source/charon/utils/logger.c
+++ b/Source/charon/utils/logger.c
@@ -173,12 +173,7 @@ static void logg(private_logger_t *this, logger_level_t loglevel, char *format,
 static void log_bytes(private_logger_t *this, logger_level_t loglevel, char *label, char *bytes, size_t len)
 {
 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-
- /* since me can't do multi-line output to syslog,
- * we must do multiple syslogs. To avoid
- * problems in output order, lock this by a mutex.
- */
- pthread_mutex_lock(&mutex);
+
 if ((this->level & loglevel) == loglevel)
 {
@@ -187,6 +182,13 @@ static void log_bytes(private_logger_t *this, logger_level_t loglevel, char *lab
 char *buffer_pos;
 char *bytes_pos, *bytes_roof;
 int i;
+ int line_start = 0;
+
+ /* since me can't do multi-line output to syslog,
+ * we must do multiple syslogs. To avoid
+ * problems in output order, lock this by a mutex.
+ */
+ pthread_mutex_lock(&mutex);
 format = "%s (%d bytes)";
@@ -217,12 +219,13 @@ static void log_bytes(private_logger_t *this, logger_level_t loglevel, char *lab
 buffer_pos = buffer;
 if (this->output == NULL)
 {
- syslog(LOG_INFO, "| %s", buffer);
+ syslog(LOG_INFO, "[=>] [%5d ] %s", line_start, buffer);
 }
 else
 {
- fprintf(this->output, "| %s\n", buffer);
+ fprintf(this->output, "[=>] [%5d ] %s\n", line_start, buffer);
 }
+ line_start += 16;
 }
 else if ((i % 8) == 0)
 {
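Review bot: The mutex is now acquired by `pthread_mutex_lock(&mutex);` inside the `if ((this->level & loglevel) == loglevel)` block and released by the `pthread_mutex_unlock(&mutex);` moved in the `@@ -249` hunk; the body between those two hunks is not visible here, so any `return` or `goto` in it would now leave the mutex held — worth a check, or keep the unlock at the function's single exit as before. The relocated comment still reads `since me can't do multi-line output to syslog`; correct it to `since we can't` while it is being moved. `int line_start = 0;` is only advanced in the 16-byte branch, which is right for a byte offset, but a comment such as `/* byte offset of the current dump line, printed in the [%5d] column */` would make the new format self-explanatory. log_bytes continues outside these hunks.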
@@ -249,15 +252,15 @@ static void log_bytes(private_logger_t *this, logger_level_t loglevel, char *lab
 buffer_pos = buffer;
 if (this->output == NULL)
 {
- syslog(LOG_INFO, "| %s", buffer);
+ syslog(LOG_INFO, "[=>] [%5d ] %s", line_start, buffer);
 }
 else
 {
- fprintf(this->output, "| %s\n", buffer);
+ fprintf(this->output, "[=>] [%5d ] %s\n", line_start, buffer);
 }
 }
+ pthread_mutex_unlock(&mutex);
 }
- pthread_mutex_unlock(&mutex);
 }
 /**
diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c
index 13f8e49ee..036024180 100644
--- a/Source/charon/utils/logger_manager.c
+++ b/Source/charon/utils/logger_manager.c
@@ -35,6 +35,7 @@ mapping_t logger_context_t_mappings[] = {
 {GENERATOR, "GENRAT"},
 {IKE_SA, "IKE_SA"},
 {IKE_SA_MANAGER, "ISAMGR"},
+ {CHILD_SA, "CHLDSA"},
 {MESSAGE, "MESSAG"},
 {THREAD_POOL, "THPOOL"},
 {WORKER, "WORKER"},
@@ -46,7 +47,6 @@ mapping_t logger_context_t_mappings[] = {
 {DAEMON, "DAEMON"},
 {CONFIGURATION_MANAGER, "CONFIG"},
 {ENCRYPTION_PAYLOAD, "ENCPLD"},
- {PRIME_POOL, "PRIMEP"},
 {MAPPING_END, NULL},
 };
@@ -178,6 +178,10 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
 logger_level |= LEVEL1;
 log_thread_ids = TRUE;
 break;
+ case CHILD_SA:
+ logger_level |= LEVEL1|PRIVATE;
+ log_thread_ids = TRUE;
+ break;
 case CONFIGURATION_MANAGER:
 log_thread_ids = TRUE;
 break;
@@ -198,8 +202,6 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
 break;
 case THREAD_POOL:
 break;
- case PRIME_POOL:
- break;
 case SCHEDULER:
 logger_level = 0;
 break;
diff --git a/Source/charon/utils/logger_manager.h b/Source/charon/utils/logger_manager.h
index 3c04a55d4..41466b2a9 100644
--- a/Source/charon/utils/logger_manager.h
+++ b/Source/charon/utils/logger_manager.h
@@ -40,6 +40,7 @@ enum logger_context_t {
 GENERATOR,
 IKE_SA,
 IKE_SA_MANAGER,
+ CHILD_SA,
 MESSAGE,
 THREAD_POOL,
 WORKER,
@@ -51,7 +52,6 @@ enum logger_context_t {
 DAEMON,
 CONFIGURATION_MANAGER,
 ENCRYPTION_PAYLOAD,
- PRIME_POOL,
 };