DISCLAIMER: I am not a cryptographer of any degree. At all.
Anyone who uses Tor knows that the Tor client relay exposes a SOCKS interface for the browser and other applications to connect to. Due to the (hideously) insecure nature of the SOCKS protocol, access to a SOCKS interface can realistically only safely be deployed locally - i.e. on the same machine as the client application (browser, IRC client, whatever).
While following all of the tunception work going on around here, a few thoughts bubbled to the surface concerning access to darknets such as Tor and I2P (mostly Tor). torstorm enables Web-based access to Tor hidden services; the Tor client relay is accessed through its SOCKS interface on the same box. However, I'm wondering if there is an opportunity to secure and harden SOCKS by deploying it over TLS.
Implemented correctly, this would allow a clearnet<->darknet service to be split among multiple boxes which could be physically (and geographically) separated from each other, and the secure connection would terminate within the memory space of the receiving SOCKS-S server.
During my research I came across this draft from 1997. Being so old, it was based upon SSL 3.0 (which is now (un)officially dead), but it could probably be updated to support TLS 1.2. The obvious question in all of this is of course, "is it actually worth it?". Personally, I believe there are some use cases for it (not user-side though).
I wouldn't mind some opinions on this, so all those who have something to share, please do so.
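One way to prototype the idea in this post, as an added example that is not from the post or from the 1997 draft: a Python front end that terminates TLS 1.2+ with mandatory client certificates and relays the bytes to a SOCKS listener on loopback. TLS ends in this wrapper process rather than inside the SOCKS server itself; the listen address, the certificate file names and port 9050 (Tor's default SocksPort) are assumptions.

```python
import asyncio
import ssl

def make_server_context(certfile=None, keyfile=None, client_ca=None):
    """TLS 1.2+ server context that refuses clients without a valid certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no SSL 3.0 / TLS 1.0 / 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # SOCKS has no usable auth of its own
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)  # CA that issued the client certs
    return ctx

async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(tls_reader, tls_writer, socks_host="127.0.0.1", socks_port=9050):
    """Relay one authenticated TLS connection to the loopback SOCKS port."""
    socks_reader, socks_writer = await asyncio.open_connection(socks_host, socks_port)
    await asyncio.gather(pump(tls_reader, socks_writer),
                         pump(socks_reader, tls_writer),
                         return_exceptions=True)

async def serve(ctx, listen_host, listen_port):
    """Accept TLS connections; the handshake (and cert check) happens before handle()."""
    server = await asyncio.start_server(handle, listen_host, listen_port, ssl=ctx)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    # Placeholder file names and listen port (assumptions, not from the post).
    context = make_server_context("server.pem", "server.key", "clients-ca.pem")
    asyncio.run(serve(context, "0.0.0.0", 1443))
```

The client box needs the mirror image: a local plaintext SOCKS listener that wraps each connection in TLS, presents its client certificate and verifies the server's.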