Avoiding this was sort of thing was surely part of the motivation for
IPsec, but presotto points out (I hope I'm not misrepresenting him)
that implementing IPsec, at least in the kernel, is messy, requiring
lots of state and the ability to interrupt and restart cryptographic
computations at awkward times.  I've wondered off and on if it might
be feasible and cleaner in a user-mode file server.  tcpmux (rfc 1078)
looks easier in user-land.