<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial, sans-serif" size="2">
<div>Hello,</div>
<div> </div>
<div>At “§3.6. Certificate Payload” the RFC 4306 specifies:</div>
<div> </div>
<div>“The Certificate Payload, denoted CERT in this memo, provides a means to transport certificates or other authentication-related information via IKE. Certificate payloads SHOULD be included in an exchange if certificates are available to the sender unless
the peer has indicated an ability to retrieve this information from ***elsewhere…***”</div>
<div> </div>
<div>One questions related to this paragraph:</div>
<div> </div>
<div>Which is strongSwan behaviour when it receives in CERTREQ anchors for which it can’t build up a trusted path? Note: TS 33.310 V8.3.0 (2009-06) 3GPP document suggests that the system sends all its CA certificates in this case and let remote to decide.</div>
<div> </div>
<div>Best Regards</div>
<div>Mugur</div>
<div> </div>
<div> </div>
</font>
</body>
</html>