Implement certificate serial number covert channel (part of proposal 179)
This ticket is for tracking the implementation of certificate start time fuzzing and serial number covert channel.
Jake implemented both of these in his prop179 branch.
wrt the serial number thing, if we decide to allow users to input their own TLS certificates, the serial number covert channel will get poluted. I think it's time to think if we really need this covert channel, or if we care that we will get false positives with user-specific certificates.
For link protocol version negotiation, we have the VERSIONS cell. We might need a covert channel on the SSL handshake, if we need to negotiate the link protocol version before the Tor protocol. In which cases do we need such a visible covert channel?