3.4.5.5 Receiving Message #5

  • Article

On receipt of message #5, the host MUST validate the message in the following ways:

  • Use the SIG_I payload to verify the signature, as specified in [RFC2409] section 5.1. A successful verification proves that the peer has access to the private key that corresponds to the self-signed certificate passed in the CERT payload of message #5.

  • Retrieve the CGA parameter structure (that is, Modifier, Collision Count, and Extension Fields) from the ID_IPV6_CGA Identity payload (for details, see section 2.2.4).

  • Verify that the public key contained in the self-signed certificate and the parameter structure were used to generate the peer CGA, as specified in [RFC3972] section 5.

If an error is encountered during payload processing, or the CGA cannot be validated, the host MUST fail the negotiation, as specified in [RFC2408] section 5.

Then, the host MUST construct message #6 by using the procedure for constructing message #5, as specified in section 3.4.5.4.