2013.01.10 05:57:24 (289234463311925249) from Daniel J. Bernstein, replying to unknown (289175437970665472):
@stouset It's not safe to release the decrypted plaintext before verifying the authenticator. This is why each packet needs authentication.