diff --git a/src/dtls13.c b/src/dtls13.c
index e8a2947d8..1d810a872 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -274,6 +274,9 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
 if (c->chacha == NULL) return BAD_STATE_E;
+ /* assuming CIPHER[0..3] should be interpreted as little endian 32-bits
+ integer. The draft rfc isn't really clear on that. See sec 4.2.3 of
+ the draft. See also Section 2.3 of the Chacha RFC. */
 ato32le(ciphertext, &counter);
 ret = wc_Chacha_SetIV(c->chacha, &ciphertext[4], counter);
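Review bot: The comment added above `ato32le(ciphertext, &counter)` records the counter byte order as an unverified assumption and cites "the draft" and "the Chacha RFC" without a number or revision, so a later reader cannot check it. A wrong byte order here would yield a record-number mask that no peer agrees with, so I would name both documents precisely and say whether the choice was confirmed against a test vector or another implementation, e.g. `/* TODO: confirm counter byte order with an interop test */`. Separately, these two lines read `ciphertext[0..3]` and pass `&ciphertext[4]` as the IV, yet no length argument is visible in this hunk. The function starts and ends outside the hunk, so the minimum-ciphertext guarantee presumably comes from the caller; the comment should state that precondition as well.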