Still to do:

  - Get more eyes on the protocol

Still to implement for minimal function:

  - Unit tests for all the crypto
    - aes-ctr
    - sha256
    - random number generator
  - Unit tests for the protocol functions
    - Try sender and receive, make sure they can handshake right and
      communicate
    - Make sure handshake still works if data arrives in a trickle
    - Make sure bogus handshake gets rejected

Later:

  - Refactor how the network code calls the protocol code so that protocols
    are pluggable.
    - Instead of having the listener constructor take a shared secret, have
      it take a "protocol state factory".
    - Use the standard C function-pointer trick to turn "protocol state" into
      a class-like thing

  - Drop the openssl dependency (?)
  - some way to set a shared secret or two or three
  - Make it obey the xxx-pluggable-transport spec in Tor.
