Improving syncookies
Posted Apr 10, 2008 4:46 UTC (Thu) by skissane (subscriber, #38675)
Parent article: Improving syncookies
Maybe the solution is to add a "syncookie" option? Basically like this:

- client sends SYN with arbitrary options
- server encrypts all the options it understands + any other info it needs and returns them as an option to SYN-ACK
- client sends ACK, echoing that encrypted option
- server decrypts it and uses it as the syn queue info

Of course, this would be useless without changes to the client OS as well as the server. But it would give all the advantages of syn cookies (no need to retain a syn queue in memory), but at the same time work with arbitrary TCP options....
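
The exchange proposed in the comment above, sketched as an added example that is not part of the original post or of any kernel code. It swaps encryption for an HMAC tag (the echoed options stay readable but cannot be forged), and the field layout, 64-second time slots, binding to the connection tuple and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"  # constructed; a real server would use a random, rotated secret
SLOT_SECONDS = 64                 # assumption: coarse clock so the server stores no per-SYN timer
MAX_AGE_SLOTS = 2                 # assumption: how many slots an echoed option stays valid

def _tag(conn, slot, state):
    # Bind the tag to the connection (addresses, ports, client ISN) and the time
    # slot, so an option captured on one connection is useless on another or later.
    msg = repr(conn).encode() + struct.pack("!I", slot) + state
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:8]

def make_cookie(conn, mss, wscale, sack, now):
    """Server, on SYN: pack the options it understood, seal them, keep no state."""
    slot = int(now) // SLOT_SECONDS
    state = struct.pack("!HBB", mss, wscale, int(sack))
    # 4 + 4 + 8 = 16 bytes, which fits in the 40 bytes of TCP option space.
    return struct.pack("!I", slot) + state + _tag(conn, slot, state)

def open_cookie(conn, cookie, now):
    """Server, on ACK: rebuild the would-be syn queue entry, or None if rejected."""
    if len(cookie) != 16:
        return None
    (slot,) = struct.unpack("!I", cookie[:4])
    state, tag = cookie[4:8], cookie[8:]
    if not hmac.compare_digest(tag, _tag(conn, slot, state)):
        return None  # forged, altered, or echoed on a different connection
    if not 0 <= int(now) // SLOT_SECONDS - slot <= MAX_AGE_SLOTS:
        return None  # stale echo (or a slot from the future)
    mss, wscale, sack = struct.unpack("!HBB", state)
    return mss, wscale, bool(sack)

if __name__ == "__main__":
    # Constructed sample connection: (src ip, src port, dst ip, dst port, client ISN)
    conn = ("192.0.2.10", 40000, "198.51.100.5", 80, 12345)
    opt = make_cookie(conn, mss=1460, wscale=7, sack=True, now=1000)  # sent in SYN-ACK
    print(open_cookie(conn, opt, now=1010))                           # client echoes it in ACK
```
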