In this case, we cannot respond with the same Auth-R message previously sent.

So, we will need to:

When sending an Identity message:

• It should be stored, without overwriting the previously sent Identity messages for this session.

When receiving an Identity Message in WAITING_AUTH_I:

• this line should be removed: "Forget the old their_ecdh, their_dh, their_ecdh_first, their_dh_first and Client Profile from the previously received Identity message."
• Instead, we should say, store the information of this Identity message in conjunction with earlier received Identity messages
• And, we should say, store the information from the previously sent Auth-R messages as well as the currently sent one
• Send a new Auth-R

When receiving an Auth-R Message in WAITING_AUTH_R:

• try to validate the message against all Identity messages sent
• if one succeeds, remove all Identity messages and send the Auth-I message in return

When receiving an Auth-I message in WAITING_AUTH_I:

• try to validate the message against all Auth-R messages sent
• if one succeeds, remove all Auth-R and Identity messages stored

Note that Identity message received on WAITING_AUTH_I will have an already set up instance tag that the other party has seen. So this should be validated as well.

This have been simplified to just send a new Auth-R message.