The PKM-CA-Cert Attribute is variable length and MAY be
transmitted in the Access-Request message. The Value field is of
type string and contains the X.509 certificate used by
the CA to sign the SS certificate carried in the PKM-SS-Cert
attribute () in the same message.
The minimum size of a CA certificate exceeds the maximum size of a
RADIUS attribute. Therefore, the client MUST encapsulate the
certificate in the Value fields of two or more instances of the
PKM-CA-Cert Attribute, each (except possibly the last) having a
length of 255 octets. These multiple PKM-CA-Cert Attributes MUST
appear consecutively and in order within the packet. Upon
receipt, the RADIUS server MUST recover the original certificate
by concatenating the Value fields of the received PKM-CA-Cert
Attributes in order.
A summary of the PKM-CA-Cert Attribute format is shown below. The
fields are transmitted from left to right.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
| Type | Len | Value...
138 for PKM-CA-Cert
The Value field is variable length and contains a (possibly
complete) portion of an X.509 certificate.