When an ISAKMP received a signature payload without the optional certificate payload, in order to get the peer's public key for signature verfication, shall the ISAKMP send a certificate request to the peer or try to retrieve it through certificate repository? Seems that sending a certificate request makes more sense. Thanks! Cliff Wang cxwang@us.ibm.com