As we consider all present protocols insecure against the new attacks brought about by legislation, we are not going to use any of them. The crypto layer will interface between the application programs and the comms and will use nine algorithms. There will only be one choice for each type of algorithm. We haven't chosen them yet.
All comms between users and havens will be encrypted in a symmetric algorithm using short-term keys derived from a signed key-exchange protocol. All comms will be padded to fixed length blocks and mixed with random amounts of random data blocks and fake "housekeeping" traffic. Email will be treated the same way but will also use authenticated ephemeral keys for forward secrecy.
Data will be stored symmetrically encrypted with a last-ditch key, encrypted with a deniable cypher, hidden stenographically in fixed-size blocks of random data and split m-of-n between data havens. It will undergo a further encryption when it is being transmitted. Defence in depth. Only the symmetric transmission cypher, it's key exchange, server certification and some email forwarding tasks will be done by the server.