lightning-dev

[PATCH v3] daemon: encrypted communication (version 3)

Original Post by Rusty Russell

Posted on: October 27, 2015 19:48 UTC

In a discussion about the encryption of packets in a protocol, Mats Jerratsch suggests that the 'totlen' field may not be necessary, as replay protection is already provided by AES-CTR.

The idea behind 'totlen' was to provide replay protection by keeping track of the total data transmitted and comparing it with the value sent by the other party. However, AES-CTR has a dedicated counter in the IV that keeps track of all messages in each direction, so a replayed message cannot be decrypted because the IV is incorrect. While it's true that 'totlen' is not required for replay protection, the protocol still requires some level of replay for robustness when nodes crash. Currently, there's a FIXME in the code for this case. Although combining the counter and length may be overkill, Rusty thought it was a cute idea.
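The interaction between the per-direction counter and 'totlen' can be seen in a small model, added here as an illustration and not taken from the patch. It assumes a hypothetical packet layout (8-byte totlen followed by the plaintext) and uses an HMAC-SHA256 keystream as a stand-in for AES-CTR; the names `Direction`, `seal` and `open` are made up for this example.

```python
import hashlib
import hmac

def keystream(key: bytes, counter: int, n: int) -> bytes:
    # Stand-in for AES-CTR (assumption: the stdlib has no AES). The per-message
    # counter plays the role of the counter carried in the IV.
    out, block = b"", 0
    while len(out) < n:
        msg = counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Direction:
    """State for one direction of a link; sender and receiver each hold one."""
    def __init__(self, key: bytes):
        self.key, self.counter, self.total = key, 0, 0

    def seal(self, plaintext: bytes) -> bytes:
        # Hypothetical layout: 8-byte totlen (bytes sent so far) || plaintext.
        body = self.total.to_bytes(8, "big") + plaintext
        packet = xor(body, keystream(self.key, self.counter, len(body)))
        self.counter += 1
        self.total += len(plaintext)
        return packet

    def open(self, packet: bytes):
        body = xor(packet, keystream(self.key, self.counter, len(packet)))
        if int.from_bytes(body[:8], "big") != self.total:
            return None  # decrypted under the wrong counter: replay or reorder
        self.counter += 1
        self.total += len(body) - 8
        return body[8:]

def demo():
    key = bytes(range(32))  # constructed sample key
    tx, rx = Direction(key), Direction(key)
    first, second = tx.seal(b"open channel"), tx.seal(b"update")
    # Deliver the first packet, replay it, then deliver the second.
    return [rx.open(first), rx.open(first), rx.open(second)]

if __name__ == "__main__":
    print(demo())
```

The replayed packet is decrypted under the receiver's current counter, so its totlen field comes out as noise and the packet is dropped without advancing the receiver's state. A receiver that loses its counter in a crash fails the same check on legitimate traffic, which is the robustness case the FIXME refers to.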