The Internet IP Security PKI Profile of ISAKMP and PKIX

Document Type Expired Internet-Draft (ipsec WG)
Author Eric Rescorla 
Last updated 2015-10-14 (latest revision 2004-04-28)
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Action Holders
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


ISAKMP and PKIX both provide frameworks that must be profiled for use in a given application. This document provides a profile of ISAKMP and PKIX that defines the requirements for using PKI technology in the context of IPsec. The document compliments protocol specifications such as IKE, which assume the existence of public key certificates and related keying materials, but which do not address PKI issues explicitly. This document addresses those issues.


Eric Rescorla (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)