Tony Arcieri
I think using anything with "IV" in the name is going to confuse AEAD users where "nonce" is the term-of-art, and documenting that "IV is actually the same as nonce"...
I don't see a problem with stream ciphers, where "IV" is commonly used. Nobody uses "IV" in the context of AEADs. It's always "nonce".
I would say djb's use of "nonce" with Salsa/ChaCha is something of a neologism. I've always seen "initialization vector" with older stream ciphers like RC4. I've *never* seen "initialization vector"...
For the trait to actually be impl'd on the existing AEAD types, I'd think I'd like something shaped roughly like: ```rust pub trait AeadIncremental: AeadCore { type Aad: ...; type...
I'm also not entirely opposed to "chunked" naming. It's easier to type. I just worry about confusion over fixed/variable size.
This couples the `KeyInit` trait to the version of `crypto-common` in use by the `sha2` crate. At the very least this needs a versioning strategy which can tolerate upgrades.
@carloskiki there will hopefully be a v0.14 release of `elliptic-curve` out soon along with corresponding v0.14 releases of `ff`/`group`. It would be good to target those (at least the prereleases...
@carloskiki I think it's fine to impl them just for `EdwardsPoint` and `RistrettoPoint` for now
We don't currently use them with the `elliptic-curve` crate but potentially could. That would probably be the proper way to implement them (e.g. like #746)
@rozbb the main advantage would probably be having a common trait-based API that can work across several key types, more for consistency than generic abstractions, IMO