The ESS I-D eSSSecurityLabels can be different in the inner and outer
Also, as the ESS text is now, my understanding is that the originators
The inclusion of an eSSSecurityLabel is optional.
and must be part of the recipients access control
rules even it the label has no semantics in the receiving domain.
ESS does not mandate what action is taken when an access control error
occurs. That is a matter of local policy.
Those are the two issue I am arguing against.