Skip to main content

Profile for Certificate Use in IKE version 1

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Paul E. Hoffman
Last updated 2003-12-23
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The use of certificates for authenticating the creation of IPsec security associations has long been fraught with difficulty. The specifications in IKE version 1 are sometimes ambiguous about important issues, and developers of IPsec systems are often unprepared to deal with the complexities of PKIX certificates and certificate handling. This document is a profile of certificate use in IPsec whose primary goal is to greatly increase interoperability while maintaining high security.


Paul E. Hoffman

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)