Embodiments also include a responder for enabling secured, authenticated communication between an initiator and the responder. The responder is configured to receive a message from the initiator over a secure communication channel established between the initiator and the responder. In some embodiments, the message includes information indicating a third party whose signing of data (e.g., bound to the secure communication channel) will authenticate the responder to the initiator. The responder may also be configured to retrieve from the indicated third party data (e.g., that is bound to the secure communication channel and) that is signed by the third party. The responder may further be configured to transmit, by the responder and over the secure communication channel, a response to the message that includes the retrieved data (e.g., that is bound to the secure communication channel and) that is signed by the third party. In some embodiments, the responder is also configured to, after the responder is authenticated to the initiator, negotiate, on behalf of a security service (e.g., IPSec), one or more security associations (e.g., an IPSec SA) for a secure traffic channel between the initiator and the responder.

Embodiments further include third party equipment of a third party for enabling secured, authenticated communication between an initiator and a responder. The third party equipment is configured to receive, at the third party equipment and from the responder, a request that includes data (e.g., bound to a secure communication channel established between the initiator and the responder) and that requests the third party to sign the data. The third party equipment may further be configured to sign the data at the third party equipment and transmit the signed data from the third party equipment towards the responder in response to the request.