I took a quick look at this draft and IMO it is unnecessary, for two reasons:
1. There is already no requirement that you have an explicit nonce. RFC5246 merely requires that you specify the length of the explicit nonce, but that length can be 0, as it is in the ChaCha/Poly drafts. So, rather than build an extension it would be better to just define a new cipher suite if you think this is important. 2. TLS 1.3 already omits the explicit nonce entirely. -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
