The protocol specification allows channel security mechanisms to be negotiated,
but so far none have been defined. Obvious candidates are TLS, IPsec, maybe ssh.
Typically we will need to select a mandatory-to-implement one, and may also need
to define more precisely how it is used (e.g. if there are any options within it
which need to be chosen consistently to provide the necessary security services).