There is an issue if nodes attempt to economise on the number
of messaging associations by retaining a single one where several
have been set up with the same authenticated identity. at the
moment the spec says you MAY do this but doesn't indicate how
each end agrees this should be done (if one end doesn't agree,
some validation checks will fail and messages will be rejected.)

I lean towards a MUST or MUST NOT here, with updates to the 
text on validation in the former case.