Hi Ipsec experts, RFC 5996 section 3.7 3.7 <https://tools.ietf.org/html/rfc5996#section-3.7>. Certificate Request Payload
The Certificate Request payload, denoted CERTREQ in this document, provides a means to request preferred certificates via IKE and can appear in the IKE_INIT_SA response and/or the IKE_AUTH request. Certificate Request payloads* MAY* be included in an exchange when the sender needs to get the certificate of the receiver. Does that leave a scope for the following use case: The sender does not send a cert request payload, but still expects a certificate in the Auth Response. Regards Sulabh
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec