I've been drafting the Winters network protocol. I found uses for such 32-bit quantities as 4037931181 ("emergency hangup") and 4026658817 ("permission denied") [thanks dhd!]. The protocol is simple and expresses what it needs to express. I realized I can set up a separate auth server to provide new sessions for arbitrary clients if necessary, which simplifies the problem. You see, the protocol creates new sessions by negotiating their cipher and encryption key on an existing session; this avoids me having to deal with public-key cryptography in the protocol itself.
Anybody see any obvious security problems with assuming that if the client can send a known plaintext (published as part of the protocol specification) encrypted with the correct key (which is prenegotiated using channels we assume to be secure) then the client can be considered authenticated?
The next step is to implement the protocol. This should not take more than two days (famous last words!).
Advertised Advogato to Tuomas Lukka. Seems he likes it.
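An added example, not part of the original diary entry, on the authentication question above: if the published plaintext is encrypted deterministically, the resulting token is identical on every login, so a check that only compares it can be satisfied by a recorded copy, while binding the proof to a fresh server nonce rejects the recording. The toy cipher, the `KNOWN_PLAINTEXT` value, and all function and class names are assumptions made for illustration; the Winters protocol's actual cipher and message layout are not given on the page.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the plaintext published in the protocol specification.
KNOWN_PLAINTEXT = b"WINTERS-AUTH-EXAMPLE"

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream,
    used with no per-message nonce, so output is deterministic per key."""
    stream, counter = b"", 0
    while len(stream) < len(plaintext):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def static_check(key: bytes, token: bytes) -> bool:
    """The check as described: accept whoever presents E_key(KNOWN_PLAINTEXT)."""
    return hmac.compare_digest(token, toy_encrypt(key, KNOWN_PLAINTEXT))

def client_response(key: bytes, nonce: bytes) -> bytes:
    """Hardened variant: prove key possession over a server-chosen nonce."""
    return hmac.new(key, nonce + KNOWN_PLAINTEXT, hashlib.sha256).digest()

class ChallengeServer:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # fresh for every attempt
        return self.pending

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        nonce, self.pending = self.pending, None  # each nonce is single use
        return hmac.compare_digest(response, client_response(self.key, nonce))

def demo():
    key = secrets.token_bytes(32)                 # prenegotiated session key
    recorded = toy_encrypt(key, KNOWN_PLAINTEXT)  # token seen once on the wire
    static_replay = static_check(key, recorded)   # accepted without the key
    server = ChallengeServer(key)
    first = client_response(key, server.challenge())
    legit = server.verify(first)                  # genuine client succeeds
    server.challenge()                            # a later login attempt
    replayed = server.verify(first)               # recorded response rejected
    return static_replay, legit, replayed

if __name__ == "__main__":
    print(demo())
```
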