The PKM-SS-Cert Attribute is variable length and MAY be
transmitted in the Access-Request message. The Value field is of
type string and contains the X.509 certificate binding a
public key to the identifier of the Subscriber Station.
The minimum size of an SS certificate exceeds the maximum size of
a RADIUS attribute. Therefore, the client MUST encapsulate the
certificate in the Value fields of two or more instances of the
PKM-SS-Cert Attribute, each (except possibly the last) having a
length of 255 octets. These multiple PKM-SS-Cert Attributes MUST
appear consecutively and in order within the packet. Upon
receipt, the RADIUS server MUST recover the original certificate
by concatenating the Value fields of the received PKM-SS-Cert
Attributes in order.
A summary of the PKM-SS-Cert Attribute format is shown below. The
fields are transmitted from left to right.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
| Type | Len | Value...
137 for PKM-SS-Cert
The Value field is variable length and contains a (possibly
complete) portion of an X.509 certificate.