| 11.1 | We rejected as impractical the idea of checking sequence numbers by remembering each sequence number received. Describe an algorithm that checks sequence numbers by remembering sequence numbers that should have been received but weren't. Critique the practicality of this idea. |
| 11.2 | Appendix C of RFC 2401 has a C code reference implementation for AH/ESP sequence number checking, but it uses a window that is 32 sequence numbers wide rather than the recommended 64. Modify the code in RFC 2401 to use a window of 64 sequence numbers. |
| 11.3 | Draw a network diagram, similar to Figure 11.8, showing an AH tunnel between a host and a network protected by a security gateway. |
| 11.4 | What is the trust model for Figure 11.8? That is, what assumptions is the network designer making about the security of the various parts of the network? |
| 11.5 | With respect to Figure 11.8, how does the NAT situation change if NAT is applied by devices between GW1 and GW2 instead of by the security gateways themselves? |
| 11.6 | Use gtunnel to build an AH-like authentication mechanism. For simplicity, use static keying and a single, fixed authentication algorithm. Use either transport- or tunnel-mode encapsulation. |