I'm the assigned ART reviewer for this document. While I'm aware of IPSEC-IKE and its use, I have no competency in this technology, therefore I have not verified the substantive protocol specification itself.

Comment 1)
The draft does not specify any fallback procedure or how to handle the situation when no proper authentication  method can be chosen by one of the peers. Maybe it is specified elsewhere? Or maybe it is so obvious there is no point in saying? Or it may be useful to specify some?

Nits:
3.2.2 "If no Certificate Request payload were receives" s/receives/received/ ?