diff --git a/impl-comments-christian/draft-ietf-core-oscore-groupcomm.html b/impl-comments-christian/draft-ietf-core-oscore-groupcomm.html index edef270..f371694 100644 --- a/impl-comments-christian/draft-ietf-core-oscore-groupcomm.html +++ b/impl-comments-christian/draft-ietf-core-oscore-groupcomm.html @@ -1795,8 +1795,7 @@

2.1.6. Group Encryption Algorithm

The new parameter Group Encryption Algorithm identifies the algorithm to use for encryption and decryption, when messages are protected in group mode (see Section 8). This algorithm MAY provide integrity protection. If this parameter is not set, the group mode is not used in the group.

-

The following non-authenticated algorithms can be used as Group Encryption Algorithm: A128CBC, A192CBC, and A256CBC [RFC9459]. The non-authenticated algorithm ChaCha20 [ChaCha] is also suitable to consider, although using it will first require its registration in the "COSE Algorithms" Registry.

-

The following non-authenticated algorithms MUST NOT be used as Group Encryption Algorithm: A128CTR, A192CTR, and A256CTR [RFC9459].

+

A non-authenticated algorithm MUST NOT be used as Group Encryption Algorithm if it is not possible to ensure uniqueness of the (key, nonce) pairs. This is the case, for instance, for A128CTR, A192CTR, and A256CTR [RFC9459]. Instead, examples of non-authenticated algorithms that can be used as Group Encryption Algorithm are A128CBC, A192CBC, and A256CBC [RFC9459].
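Review bot: The replacement paragraph in Section 2.1.6 turns the unconditional MUST NOT on A128CTR, A192CTR, and A256CTR into a conditional one ("if it is not possible to ensure uniqueness of the (key, nonce) pairs") and then names the CTR algorithms only as "for instance". A reader cannot tell whether CTR is forbidden outright or allowed once a deployment believes uniqueness holds, and the text does not say who makes that determination. Suggest keeping an explicit sentence that the three CTR algorithms MUST NOT be used, with the (key, nonce) criterion given as the rationale. The paragraph also drops the ChaCha20 sentence without saying whether ChaCha20 now falls under the prohibition; as a stream cipher it has the same (key, nonce) uniqueness requirement, so one clause stating its status would close the question. Finally, CBC is listed as acceptable right after the uniqueness criterion with no statement of why it meets it.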

@@ -4020,10 +4019,6 @@

15.2. Informative References

-
[ChaCha]
-
-Bernstein, D. J., "ChaCha, a variant of Salsa20", , <http://cr.yp.to/chacha/chacha-20080128.pdf>.
-
[Degabriele]
Degabriele, J. P., Lehmann, A., Paterson, K. G., Smart, N. P., and M. Strefler, "On the Joint Security of Encryption and Signature in EMV", , <https://eprint.iacr.org/2011/615>.
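Review bot: Removing the [ChaCha] entry from Section 15.2 is only correct if the citation deleted from Section 2.1.6 was the last one. This diff shows just that single use, so please confirm that no other section still cites [ChaCha]; otherwise the rendered document ends up with a dangling reference.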
diff --git a/impl-comments-christian/draft-ietf-core-oscore-groupcomm.txt b/impl-comments-christian/draft-ietf-core-oscore-groupcomm.txt index 34cfa64..5c4085b 100644 --- a/impl-comments-christian/draft-ietf-core-oscore-groupcomm.txt +++ b/impl-comments-christian/draft-ietf-core-oscore-groupcomm.txt @@ -565,14 +565,12 @@ Table of Contents protection. If this parameter is not set, the group mode is not used in the group. - The following non-authenticated algorithms can be used as Group - Encryption Algorithm: A128CBC, A192CBC, and A256CBC [RFC9459]. The - non-authenticated algorithm ChaCha20 [ChaCha] is also suitable to - consider, although using it will first require its registration in - the "COSE Algorithms" Registry. - - The following non-authenticated algorithms MUST NOT be used as Group - Encryption Algorithm: A128CTR, A192CTR, and A256CTR [RFC9459]. + A non-authenticated algorithm MUST NOT be used as Group Encryption + Algorithm if it is not possible to ensure uniqueness of the (key, + nonce) pairs. This is the case, for instance, for A128CTR, A192CTR, + and A256CTR [RFC9459]. Instead, examples of non-authenticated + algorithms that can be used as Group Encryption Algorithm are + A128CBC, A192CBC, and A256CBC [RFC9459]. 2.1.7. Signature Algorithm @@ -4240,9 +4238,6 @@ Table of Contents 15.2. Informative References - [ChaCha] Bernstein, D. J., "ChaCha, a variant of Salsa20", January - 2008, . - [Degabriele] Degabriele, J. P., Lehmann, A., Paterson, K. G., Smart, N. P., and M. Strefler, "On the Joint Security of Encryption
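Review bot: Both files touched by this patch are rendered outputs (.html and .txt) carrying the same two changes, and no change to the draft source is visible here. Please make sure the Section 2.1.6 rewording and the [ChaCha] removal were made in the source and these files regenerated from it, so the next build does not silently restore the old text. On the wording at -565 in the .txt, "Instead, examples of non-authenticated algorithms that can be used ... are" would read more clearly as a plain statement of which algorithms are permitted and under what condition.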