Also, it seems clear that any implementation that adheres to the spec as it is will either a) produce just one set of SAs in this case (see Paul's response), or b) propose N>=1 sets of SAs. The (b) case should interop with the (a) case just fine, resulting in N==1 set of SAs. All three possible combinations of implementation behaviors should interop.
Nico
--
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec
