[Swan-dev] a better unified proposal matcher

[Paul Wouters]

On Thu, 26 Feb 2015, D. Hugh Redelmeier wrote:

> Then I read what your parenthetcal remark.  Why would you want to
> match ESP with DH?  How could they ever match?  I'm pretty sure that
> I'm missing something.

I think he means an ESP proposal protected by PFS (eg an additioal DH
with KE) in the CREATE_CHIKD_SA ?

similar to ikev1, where a modp on the ike line meant for Main Mode, and
an modp on the esp line meant for additional Quick Mode's.

Paul