[noise] expected length of messages during handshake

[David Wong]

Hello,

I'm guessing that a client/server application need to be able to
receive fragmented handshake messages. This becomes complicated when
we don't know what kind of length to expect (since a data can be sent
encrypted at the end of each message pattern).

This is also a problem post-handshake (btw I really think the spec
needs a post-handshake section, even if short and redundant) where
there are no indications for the expected lengths of received
ciphertext.

Did I miss something?

Cheers,
David