Come on, "coming up with a good 128-bit or 256-bit key" is only a very small part of key management (and, as you note, probably also the easiest part of key management).
What I did was come up with the simplest, most reliable key management system there is (static keying with secure keys), and presumed it to be safe.
Then I pointed out that such an application is still likely to be boned by implementation flaws that have nothing to do with how the keys are established.
You know this.