So how does IPSEC AH defend against replay attacks? (Or has there been an explicit decision to not worry about replays?)