@eyedeekay
&zzz
+R4SAS
+RN_
+StormyCloud
+acetone
+dr|z3d
+hk
+not_bob_afk
+orignal
+postman
+qend-irc2p
+wodencafe
Arch
BubbRubb1
C341
Chrono2
Daddy
Danny
Debian-GNU-Hurd-2025-released
DeltaOreo
FreefallHeavens
HowardPlayzOfAdmin
Irc2PGuest29259
Irc2PGuest33339
Irc2PGuest34005
Irc2PGuest77721
Leopold_xmpp_
Onn4l7h
Over
SigSegv
Sisyphus
Sleepy
T3s|4_
Teeed
aargh
ardu
b3t4f4c3
b4dab00m
bak83
cumlord
death
dr4wd3_
duanin2
eyedeekay_bnc
hagen_
i2pUser2222
kaffi
nilbog
nnm--
ohThuku1_
pedrogherrera
poriori
pory
profetikla
r00tobo
rapidash
shiver_
snex
solidx66_
thetia
u5657
uop23ip
wew
x74a6
SilicaRice
what prevents someone from leaking an encrypted LS?
dr|z3d
SilicaRice: nothing.
dr|z3d
what prevents someone from leaking a private ssh key?
SilicaRice
ohh
SilicaRice
so a combination of "friendship keys" (revokable per-client destination) with encrypted LS (revokable per-client leaseset) would be the ideal DDoS protection then, on the assumption that all clients are known?
dr|z3d
depends on your threat model. "ideal" is a movable feast.
SilicaRice
a malicious client could leak the leaseset, at which point you just nuke the destination. all the other clients would still be able to connect normally but any DDoSers wouldn't.