The procedure for digitally signing messages sent
between two participants in an Internet Key Exchange (IKE) session
is similar to digital certificate verification, with the following
differences:
- Instead of making a digest from the CA certificate, the
  sender makes it from the data in the IP packet payload.
- Instead of using the CA's public-private key pair, the
  participants use the sender's public-private key pair.
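
The sign-and-verify flow described above, as an added example that is not part of the original page. SHA-256, unpadded textbook RSA, the toy keys built from Mersenne primes, the sample payload, and all function names are assumptions chosen for illustration; a real IKE implementation uses a vetted library and a padded signature scheme.

```python
import hashlib

# Constructed toy keys: textbook RSA over Mersenne primes, no padding.
# For illustration only; never use keys like these outside a demo.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)               # (public key, private key)

def digest(payload: bytes) -> int:
    # The digest is taken over the packet payload, not a CA certificate.
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")

def sign(payload: bytes, private_key) -> int:
    # Sender: transform the payload digest with the sender's private key.
    n, d = private_key
    return pow(digest(payload), d, n)

def verify(payload: bytes, signature: int, public_key) -> bool:
    # Receiver: recover the digest with the sender's public key and
    # compare it with a digest recomputed from the received payload.
    n, e = public_key
    return pow(signature, e, n) == digest(payload)

def demo():
    sender_pub, sender_priv = make_keypair(2**127 - 1, 2**521 - 1)
    other_pub, _ = make_keypair(2**107 - 1, 2**607 - 1)

    payload = b"constructed sample payload from the sender"
    signature = sign(payload, sender_priv)

    return {
        # Untouched payload, sender's public key: accepted.
        "genuine": verify(payload, signature, sender_pub),
        # Payload altered in transit: digests no longer match.
        "tampered": verify(payload + b"!", signature, sender_pub),
        # Checked against a key that is not the sender's: rejected.
        "wrong_key": verify(payload, signature, other_pub),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```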