.hP 5.
Split the message into blocks. For each block, pick a random IV from
the keystream, encrypt the block and emit a packet containing the
-IV, ciphertext and a MAC tag.
+IV, ciphertext, and a MAC tag over the ciphertext and a sequence number.
+.hP 6.
+The last chunk is the encryption of an empty plaintext block. No
+previous plaintext block is empty. This lets us determine the
+difference between a complete file and one that's been maliciously
+truncated.
.PP
That's it. Nothing terribly controversial, really.
.SH "SEE ALSO"