1) For clarity's sake, turn pb into a package: pb.local pb.remote pb.protocol
2) the methods for connecting to a server assume you are using TCP - they should use the new connectTCP, connectSSL, etc. API when we do *that* refactor.
1) Use SRP instead of whatever the current challenge/response is - see http://www-cs-students.stanford.edu/%7Etjw/srp/.
2) Make a login system that uses X.509 certificates for identities (SSL only).
3) Look at SPKI for an alternate certificate-based system (RFC 2693).