Hi everyone,
About the nonce being 64bit. (rfc7539 changed it to 96bit, which djb later calls xchacha)

You suggest that we use the "message sequence number" as the nonce for Chacha20, Is this number randomly generate or is this a counter?
And could it be reseted without rekeying?

If it is randomly generated then 64bit isn't secure enough. And we should either move to the chacha20 from RFC7539 which has 96bit nonce and 32bit counter or increment it manually every time.

If it's simply a counter then 64bit nonce should be fine :)

Thanks,
Elichai.

--
PGP: 5607C93B5F86650C