3.2.5.4 Receiving a DHCPv6 Information-Request Message for NKPU
If the IPv6 Allow List ADM element (section 3.2.1) is implemented and the IPv6 address of the request is not from a listed subnet, the server MUST ignore the request and take no further action. Note that the client MUST be authorized to contact the NKPU server on a listed subnet.
If the DHCPv6 Information-Request message, as specified in [RFC3315] section 15.12, is valid according to the rules in section 3.2.5, determine whether the value of the Thumbprint ADM element matches the server's PK ADM element value (section 3.1.1). If not, the server MUST ignore the request and take no further action. Otherwise, the server MUST do the following:
Decrypt the value of the KP ADM element (section 3.1.1) with the Private Key ADM element (section 3.2.1) value.
Extract the values of the CK and SK ADM elements (section 3.1.1).
Construct the KPR ADM element as specified in section 3.2.1.
Reply to the client by sending the message specified in section 3.2.5.2.
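The two "ignore the request" conditions above can be sketched as a single gate that runs before any private-key operation. This is an added example, not code from the specification or from any NKPU server implementation. Assumptions: the function name `should_process` is hypothetical, `allow_list=None` models a server that does not implement the IPv6 Allow List, thumbprints are treated as opaque byte strings, and message validity under section 3.2.5 has already been checked.

```python
import hmac
import ipaddress


def should_process(src_addr, request_thumbprint, server_thumbprint, allow_list=None):
    """Decide whether an NKPU Information-Request proceeds to KP decryption.

    Returns (True, reason) to continue or (False, reason) to silently ignore.
    allow_list is None when the IPv6 Allow List is not implemented (assumption);
    an implemented but empty list therefore matches no client at all.
    """
    if allow_list is not None:
        try:
            # Drop any zone id ("%eth0") before parsing the source address.
            addr = ipaddress.IPv6Address(src_addr.split("%", 1)[0])
        except ipaddress.AddressValueError:
            return (False, "ignore: source is not an IPv6 address")
        subnets = [ipaddress.IPv6Network(n) for n in allow_list]
        if not any(addr in net for net in subnets):
            return (False, "ignore: source not in a listed subnet")

    # Byte comparison of the request's Thumbprint against the value the
    # server holds for its own PK; differing lengths compare unequal.
    if not hmac.compare_digest(request_thumbprint, server_thumbprint):
        return (False, "ignore: thumbprint does not match server PK")

    return (True, "process: decrypt KP, extract CK and SK, build KPR, reply")


if __name__ == "__main__":
    # Constructed sample values (documentation prefix 2001:db8::/32).
    allow = ["2001:db8:10::/64"]
    server_tp = bytes(range(20))
    for src, tp in [
        ("2001:db8:10::25", server_tp),     # listed subnet, matching thumbprint
        ("2001:db8:99::25", server_tp),     # unlisted subnet
        ("2001:db8:10::25", b"\x00" * 20),  # listed subnet, wrong thumbprint
    ]:
        print(src, should_process(src, tp, server_tp, allow))
```

Both rejection paths return without producing a reply, which matches the "take no further action" requirement: a client outside the allow list or with a stale thumbprint sees no response at all.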