As Thomas Ptacek more accurately describes in his post, this disables the ESP Auth checks (after the fix) if the NIC has already completed them. Before the fix, the software ESP auth check would run only when the NIC had already done them, so never if the NIC had not done them.