The new draft introduces authentication with preshared secrets. There is nothing in the draft the would preclude one side from authenticating with certificates and the other side authenticating with preshared secrets. Is this intentional, and in what cases would it be a good idea? --Paul Hoffman, Director --VPN Consortium