RFC2407 outlines the Identification Payload in section 4.6.2, which appears in the fifth and sixth packets of the Main Mode's SA negotiation when using IKEv1. What is this information used for?

From what I understand, when using PSK, this gets set to the IP address of the VPN peer, which can already be found in the source IP field. The source IP field might not be encrypted, but so what? Is there some advantage to having this same IP information encrypted?

Doesn't the fact that both sides know the PSK, or both have the private key that goes with the certificate they present, already identify them? Why does the Identification Payload need to identify them again?

Tal

0 Answers