> On the receive side, the network layer passes > the SAID up with the (decrypted) packet so that the transport can > compare the SAID against the one it is supposed to be using for the > socket in question. Do you mean that the transport layer checks that the user id associated with the SAID is the same as the user id associated with the socket?