Hi, The "PKIX profile for IKE" draft mentioned that the ID used in IKE negotiation, must match with the subjectName or SubjectAltName within the peer certificate. Can someone please help me to understand the risk involved with not doing this match during MAIN/AGGR modes? Mohamed Eissa Intel of Canada