Note: How is this different from normal TLS 1.3?
Does it really merit inclusion? Perhaps we can delete #3
Replay attacks are prevented due to the fact that the server
generates a unique 32-byte ServerHello.random field using a
strong random number generator, and this value is included in the
traffic key derivation procedure.
Note: How is this different from normal TLS 1.3? Does it really merit inclusion? Perhaps we can delete #3