All, In section 3.6 (top of page 94), there is the statement, "If multiple certificates are sent, the first certificate MUST contain the public key used to sign the AUTH payload." "sign" should be "validate". Regards, Tony -- Tony Putman Alcatel-Lucent Technologies -----Original Message----- From: IPsec [mailto:ipsec-bounces@xxxxxxxx] On Behalf Of The IESG Sent: Friday, April 04, 2014 9:28 PM To: IETF-Announce Cc: ipsec@xxxxxxxx Subject: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Internet Key Exchange Protocol Version 2 (IKEv2)' <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> as Internet Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@xxxxxxxx mailing lists by 2014-04-18. Exceptionally, comments may be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document replaces and updates RFC 5996, and includes all of the errata for it, and it is intended to update IKEv2 to be Internet Standard. The file can be obtained via http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ballot/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ IPsec mailing list IPsec@xxxxxxxx https://www.ietf.org/mailman/listinfo/ipsec