a. Suppose that TCP is being run over IPsec with the AH protocol. If TCP retransmits the same packet, then the two packets will have the same sequence number in the AH header.
b. Consider sending a stream of packets from Host A to Host B using IPsec. Typically, a new SA will be established for each packet sent in the stream.
c. Suppose certifier.com creates a certificate for foo.com. Typically the entire certificate would be encrypted with certifer.coms public key.
d. Suppose Alice and Bob are communicating over an SSL session. Suppose an attacker, who does not have any of the shared keys, inserts a bogus TCP segment into a packet stream with correct TCP checksum and sequence numbers (and correct IP addresses and port numbers). SSL at the receiving side will accept the bogus packet and pass the payload to the receiving application.
e. Consider encrypting a large file with Cipher Block Chaining. With this mechanism, the source sends an Initialization Vector (IV) and the secret key in cleartext to the receiver.
f. Recall the cryptographic hash used for distributing OSPF messages. as discussed in class. For a router to verify the integrity of the message. it must share a secret key with the router that created the message.
