What I would really like is the ability to send arbitrary, small payloads in the TCP handshake message. TCP handshakes already use SYN, SYN-ACK, ACK, why not append crypto stuff with them as well?
96 bytes of payload per message would be enough for most uses (Noise messages, without payload, are at most 96 bytes long when they use X25519). We might need more if we want the server to transmit a certificate in addition to its public key, though. Right now, crypto protocols over TCP require at least one full additional round trip, compared to UDP. That’s such a pity.
Is there really no way to at least stuff 32 arbitrary bytes in the SYN and SYN-ACK packets? (Ideally I’d want 48 bytes in SYN-ACK so I can perform Noise XK1, but 32 bytes are already useful)
Very cool. I look forward to having a basic form of transport encryption available for all my system traffic.