[Swan-dev] IKEv1: Remove all IPsec SA's of a connection when newest SA is removedrefs/heads/master

[D. Hugh Redelmeier]

| From: Antony Antony <antony at phenome.org>

| I am wondering woudn't this situation avoided by enabling "initial-contact"? 

It is an article of faith that initial-contact is an invitation to DoS
and should be ignored.  For this to be true, it must not be
authenticated, and I don't remember whether this is the case (and I
cannot check at the moment).