@eyedeekay
&eche|on
&kytv
&zzz
+R4SAS
+RN
+RN_
+acetone
+dr|z3d
+hk
+lbt
+postman
+weko
+wodencafe
An0nm0n
Arch
Dann
DeltaOreo
FreefallHeavens
GucciferZ
Irc2PGuest35128
Irc2PGuest43186
Irc2PGuest59134
Irc2PGuest61987
Irc2PGuest97364
Irc2PGuest99418
Leopold
Nausicaa
Onn4l7h
Onn4|7h
Over1
Sisyphus
Sleepy
SoniEx2
T3s|4_
T3s|4__
anon
b3t4f4c3__
bak83
boonst
carried6590
cumlord
dr4wd3
eyedeekay_bnc
l337s
not_bob_afk
orignal
poriori_
profetikla
qend-irc2p_
r3med1tz-
radakayot_
rapidash
scottpedia
segfault
shiver_
solidx66_
syncthing2
trust
u5657
uop23ip
w8rabbit
x74a6
SilicaRice
what prevents someone from leaking an encrypted LS?
dr|z3d
SilicaRice: nothing.
dr|z3d
what prevents someone from leaking a private ssh key?
SilicaRice
ohh
SilicaRice
so a combination of "friendship keys" (revokable per-client destination) with encrypted LS (revokable per-client leaseset) would be the ideal DDoS protection then, on the assumption that all clients are known?
dr|z3d
depends on your threat model. "ideal" is a movable feast.
SilicaRice
a malicious client could leak the leaseset, at which point you just nuke the destination. all the other clients would still be able to connect normally but any DDoSers wouldn't.