> I think that I'd avoid putting the negotiation and certificate stuff (as > such) in the kernel device.
Speaking as an amateur, I'd be tempted to investigate pushing the Plan 9 paradigm further and see how hard it would be to fragment the kernel into asymmetric portions. To be more specific, something of the magnitude of TLS, or USB, ought to be constructed as a subkernel or a super-driver, able to run on GPUs in parallel with the CPU-based kernel. Thinking on my feet, I'd say the important factor would be the establishment of boundaries between modules that can only be crossed with the right type of credentials. How much of this is old hat to those of us who are close to academia I can't guess, but not having seen much mention of similar concepts, I'm curious if anything in this vein is being explored at all (I'm sure something that would appeal to me is, there are close to an infinite number of monkeys out there typing on pretty close to an infinite number of keyboards and an even more infinite number of CPUs). Lucio.