State transfer (with digests) works as follows:

• State is requested from a provider
• Provider (1) gets the digest from NAKACK (below) and then (2) the application state from the channel (above)
• Between (1) and (2), some multicast message received can alter the state, as follows:
• Multicast message M is received
• At the same time, a state request is received
• To handle the state request, we ask NAKACK for the digest
• The digest contains M
• Now - before M is passed up - the digest is returned to STATE_TRANSFER and we fetch the state
  WITHOUT M ! When the state requester gets the state&digest, it will reject a resent M because it thinks
  it is in its state (because it is in its digest), however M is not part of the state !

Other issue:

• M is received after the digest has been retrieved by STATE_TRANSFER, but then M passes the state transfer and is received by the channel and applied to the state before the state request can fetch the state. Now M is not part of the digest, but it is part of the state !

SOLUTION:

• When getting the digest, set a flag (in NAKACK) such that all subsequent multicast up-messages are blocked (or add them into a bounded FIFO list)
• Fetch the state from the channel (the application)
• Unblock NAKACK (send down an UNBLOCK event)
• Return the state&digest to the state requester