JFK Algorithm Choice



I just finished reading the new JFK draft at VPNC and I'm still 
unclear on how algorithm choice is supposed to work. 

As I understand it, there are actually two different sets of
algorithms: those used for protecting MSG 3 and MSG 4 (JFK
algorithms) and those used in the SA being established (SA algorithms).

(1) JFK Algorithm Choice
I think I understand this one, but I'd like to be sure. The
responder provides his choice of algorithms in GRPINFOr in
MSG 2. This includes the digest algorithm, the symmetric
encryption algorithm and one or more DH groups. The initiator
can take them or leave them.

(2) SA Algorithm Choice
My general understanding of how this works (based on S 2.2) is as
follows: 

(1) The initiator offers some set of algorithms in the SA
    payload of MSG 3.
(2) The responder chooses one and sends it in the SA' payload
    in MSG 4.

Is this more or less correct?

Questions:
(1) What exactly are the contents of the SA payload? Section
2.1 says:

   sa: Defines the cryptographic and other properties of the Security
       Association (SA) the Initiator wants to establish.  It contains
       a Domain-of-Interpretation, which JFK understands, and an
       application-specific bitstring.

Is the idea here that this is the Security Association payload
described in S 4.6.1 of RFC 2407 (possibly profiled down)?  If so,
this appears to be inconsistent with the claim in S 5 that:

   the
   acceptable combinations are denoted by 16-bit, unstructured
   integers.

Since this isn't how things are done in 2407, as I understand it.

(2) You list algorithms that "must be supported". Does this mean
that they must be enabled or merely implemented?

(3) How does the responder indicate that the initiator hasn't
offered any algorithms that it supports? Is there some way to
give a hint?

-Ekr