
SA granularity



I'm wondering about SA granularity.
Could someone help me, please?

In RFC 2401, page 14, I read:

"..For every IPsec implementation, there MUST be an administrative interface that allows a user or system administrator to manage the SPD. Specifically, every inbound or outbound packet is subject to processing by IPsec and the SPD must specify what action will be taken in each case. Thus the administrative interface must allow the user (or system administrator) to specify the security processing to be applied to any packet entering or exiting the system, on a packet by packet basis. (In a host IPsec implementation making use of a socket interface, the SPD may not need to be consulted on a per packet basis, but the effect is still the same.) The management interface for the SPD MUST allow creation of entries consistent with the selectors defined in Section 4.4.2, and MUST support (total) ordering of these entries. It is expected that through the use of wildcards in various selector fields, and because all packets on a single UDP or TCP connection will tend to match a single SPD entry, this requirement will not impose an unreasonably detailed level of SPD specification. The selectors are analogous to what are found in a stateless firewall or filtering router and which are currently manageable this way..."

My questions are:
1) Could the granularity be so fine as to associate TCP connections with SAs (1:1)?
2) Could the receiver dynamically force (or at least indicate) to the sender the mapping policy (e.g. force the sender to use different SAs for different TCP connections)?

Thanks in advance,
Pierluigi
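The RFC 2401 passage quoted above (totally ordered SPD entries, wildcard selectors) and question 1 are illustrated by the following added example, which is not part of the original message and is not the code of any IPsec implementation. It models an outbound SPD lookup in Python: entries are searched in order and the first match wins, a wildcard matches any value, traffic matching no entry is discarded, and the per-selector PFP ("populate from packet") flag that RFC 2401 attaches to SPD entries decides whether all traffic matching an entry shares one SA or whether an SA is created per packet-derived selector value, which with the source port as a PFP selector gives one SA per TCP connection. The Packet/SpdEntry/OutboundIpsec names, the 10.0.0.x addresses and the SPI numbering are all constructed for the example; SA negotiation is reduced to allocating an SPI.

```python
# Toy outbound SPD/SAD lookup illustrating SA granularity.
# Added example, not from the original post or any IPsec stack; the field
# names, SA-key derivation and SPI numbering are simplifications of the
# RFC 2401 model (ordered SPD entries, wildcard selectors, PFP flag).
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple
import itertools

ANY = None  # wildcard selector value

SELECTORS = ("src", "dst", "proto", "sport", "dport")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class SpdEntry:
    src: Optional[str]
    dst: Optional[str]
    proto: Optional[str]
    sport: Optional[int]
    dport: Optional[int]
    action: str                        # "PROTECT", "BYPASS" or "DISCARD"
    pfp: FrozenSet[str] = frozenset()  # selectors copied from the packet when an SA is created

    def matches(self, pkt: Packet) -> bool:
        # A wildcard (ANY) matches every value; otherwise the value must be equal.
        return all(getattr(self, f) is ANY or getattr(self, f) == getattr(pkt, f)
                   for f in SELECTORS)

    def sa_key(self, pkt: Packet) -> Tuple:
        # Selector values the new SA is bound to: taken from the packet for
        # PFP selectors, from the policy entry (possibly a wildcard) otherwise.
        return tuple(getattr(pkt, f) if f in self.pfp else getattr(self, f)
                     for f in SELECTORS)


class OutboundIpsec:
    def __init__(self, spd):
        self.spd = list(spd)                 # total ordering: first match wins
        self.sad: Dict[Tuple, int] = {}      # (entry index, sa_key) -> SPI
        self._spi = itertools.count(0x1000)  # constructed SPI allocator

    def process(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        for idx, entry in enumerate(self.spd):
            if not entry.matches(pkt):
                continue
            if entry.action != "PROTECT":
                return entry.action, None
            key = (idx, entry.sa_key(pkt))
            if key not in self.sad:          # no SA yet: "negotiate" one (here: allocate an SPI)
                self.sad[key] = next(self._spi)
            return "PROTECT", self.sad[key]
        return "DISCARD", None               # RFC 2401: traffic matching no SPD entry is discarded


def build_demo() -> OutboundIpsec:
    # Constructed SPD; addresses and ports are sample values only.
    return OutboundIpsec([
        # 1. A host we never talk to, listed first so it shadows the entries below.
        SpdEntry("10.0.0.66", ANY, ANY, ANY, ANY, "DISCARD"),
        # 2. SSH to 10.0.0.9: PFP on src and sport gives one SA per TCP connection.
        SpdEntry(ANY, "10.0.0.9", "tcp", ANY, 22, "PROTECT", pfp=frozenset({"src", "sport"})),
        # 3. HTTP to 10.0.0.9: no PFP, so every connection shares a single SA.
        SpdEntry(ANY, "10.0.0.9", "tcp", ANY, 80, "PROTECT"),
        # 4. ICMP passes in the clear.
        SpdEntry(ANY, ANY, "icmp", ANY, ANY, "BYPASS"),
    ])


def demo() -> Dict[str, Tuple[str, Optional[int]]]:
    ipsec = build_demo()
    return {
        "ssh1": ipsec.process(Packet("10.0.0.5", "10.0.0.9", "tcp", 40001, 22)),
        "ssh2": ipsec.process(Packet("10.0.0.5", "10.0.0.9", "tcp", 40002, 22)),
        "ssh1_again": ipsec.process(Packet("10.0.0.5", "10.0.0.9", "tcp", 40001, 22)),
        "http1": ipsec.process(Packet("10.0.0.5", "10.0.0.9", "tcp", 50001, 80)),
        "http2": ipsec.process(Packet("10.0.0.7", "10.0.0.9", "tcp", 50002, 80)),
        "shadowed": ipsec.process(Packet("10.0.0.66", "10.0.0.9", "tcp", 40003, 22)),
        "ping": ipsec.process(Packet("10.0.0.5", "10.0.0.9", "icmp", 0, 0)),
        "unmatched": ipsec.process(Packet("10.0.0.5", "10.0.0.9", "udp", 5000, 53)),
    }


if __name__ == "__main__":
    for name, (action, spi) in demo().items():
        print(f"{name:10s} {action:8s} {'' if spi is None else hex(spi)}")
```

The two SSH connections end up on distinct SPIs while the two HTTP connections share one, which is the 1:1 granularity asked about in question 1 expressed purely through the SPD entry; the packet from 10.0.0.66 is discarded even though it also matches the SSH entry, because the SPD is searched in order. The example says nothing about question 2: how a peer is told which granularity to use is a matter of key-management negotiation, not of the SPD lookup shown here.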