alt-tls works and I'm considering it complete.

I was going to try secp256k1 Schnorr signatures, but I'm a bit stuck in the morass of PKIX and their numbering scheme, and the fact that they don't have a number for this signature algorithm. That doesn't mean I couldn't implement it, but it does mean I couldn't signal it across the TLS negotiation or in the certificate.