[OpenTRV-dev] Further note, which I think guarantees IV/nonce uniqueness for all the purposes that I have in mind.

[Damon Hart-Davis]

*Note2: where the key is used for sending a message *from* the specified ID (ie the ID is a source address) the most-significant bit of the least significant byte (6) of the ID used in the nonce must be forced to one (1), which for OpenTRV ID will be its normal value, else if the the message is being sent *to* the specified ID, ie typically a back-channel, then the bit must be forced to zero (0). This allows the same key to be used for the back-channel and the IV/nonces will be unique. This changed bit is not transmitted, even if more bytes of ID are sent, ie the correct ID prefix is always transmitted but the nonce calculation is adjusted.