NTLM1/NTLM2 signing and sealing

[Luke Howard]

When confidentiality protection is requested for NTLM2 sealing, should 
the checksum (as well as the data) be RC4 encrypted with the sealing
key?

(See, inter alia, section 2.4 of draft-leach-digest-sasl-01.txt.)

FWIW, I can decrypt data fine but can never verify the checksum, 
regardless of whether I try to decrypt the checksum or not. Curious
to know if I'm missing something (I have followed your document 
closely).

-- Luke