Next steps:

done  learn SIGN and STRIPSPS about new header
done  implement the verify match
      Improve syntax:
        ways to specify algorithm
        specify minimum signature length required
        verbose option for debugging/key testing
      Actually implement signing :-)
done    verify needs to do this
done    will start with SHA-1
      Implement crypto
done    verify needs to do this
      Look into conntrack so we can also sign return packets if we have
      a key, or a shared secret!
      Key discovery protocol?
      Dealing with NAT
      Add UDP as a possibility
      Also add 'this will be my source address, trust me' signing
      Currently, if you do NAT, you need to do signing AFTER NAT
      Decide on right name for STRIPSPS, or UNSIGN or whatever.  We may
      need to call it decrypt?
      May need key to decrypt even if verify could decrypt, and add data
      to skb to signify signedness
      For private/public key design, do we want to send key identity?
      We want to send a hash
      For iptables-save, -restore, actually print out ascii
      representation of full key?
      is -t mangle the right place to do this stuff?  is PREROUTING?
      POSTROUTING?
      cope with skb without tailroom