From FTF minutes.
...
Some trickyness, for example, how to deal with a nodelist (without any parent element). The likely options include some fairly complex processing, or keeping it simple.
Folks lean towards keeping it simple and letting the application figure out how to deal with it before (and if) the decrypted data needs to be parsed.
Action Dillaway: tweak section 4.0 to represnt his understanding/proposal of recent discussions.
Two options:
Simon, earlier understanding that option 1 was more efficient.
Dillaway: but I'd like the default to be no nonce is expected.
Reagle: then you need something in the XML telling you regardless, and if we do that, why not just include the length as well?
Simon: why not represent it in XML, if people have problems will change.
Action Reagle: make it a declaration within CipherData using Eastlake's nonce proposal text where necessary.
Call: text is acceptable.