I believe IMHO, that there needs to be a mechanism for avoiding a collision on an IKE-SA rekey. In its absence nodes may end up assigning ownership of the child-SAs to different IKE-SAs. This subject has been brought up before (May 2002) but without a firm resolution. David