Avoiding this was sort of thing was surely part of the motivation for
IPsec, but presotto points out (I hope I'm not misrepresenting him)
that implementing IPsec, at least in the kernel, is messy, requiring
lots of state and the ability to interrupt and restart cryptographic
computations at awkward times. I've wondered off and on if it might
be feasible and cleaner in a user-mode file server. tcpmux (rfc 1078)
looks easier in user-land.
--- Begin Message ---
> But the trend is towards negotiating TLS after chatting over the
> connection a bit. IMAP, SMTP, and POP all have a separate command to
Let's implement Transport Layer Security inside all our application
layer protocols!
Micah
--- End Message ---
