I'd go further: this could be the start of the end of the cipher suite cartesian product nonsense in TLS. Just negotiate {cipher, mode} and key exchange separately, or possibly cipher, mode, and key exchange, in just the same way as you propose negotiation of encrypt-then-MAC.
Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography