@eyedeekay
&zzz
+FreefallHeavens
+R4SAS
+RN
+RN_
+T3s|4
+dr|z3d
+eche|off
+mareki2p
+orignal
+postman
+qend-irc2p
+robin
+snex
+wodencafe
Arch
BubbRubb
Chrono
Danny
DeltaOreo
HowardPlayzOfAdmin
Irc2PGuest14159
Irc2PGuest28800
Irc2PGuest31124
Irc2PGuest93285
Onn4l7h
Over
Sisyphus
Sleepy
SlippyJoe
Stormycloud_
T3s|4_
Teeed
ac9f
acetone__
ardu
b3t4f4c3__
bak83_
coolbuddy799
cumlord
dr4wd3
duanin2
duck
eyedeekay_bnc
kaffi
leopold_
makoto
marek22k
nilbog
not_bob_afk
poriori
pory
profetikla
r00tobo_BNC
rapidash
shiver_
thetia
u5657
uop23ip
w8rabbit
x74a6
SilicaRice
what prevents someone from leaking an encrypted LS?
dr|z3d
SilicaRice: nothing.
dr|z3d
what prevents someone from leaking a private ssh key?
SilicaRice
ohh
SilicaRice
so a combination of "friendship keys" (revokable per-client destination) with encrypted LS (revokable per-client leaseset) would be the ideal DDoS protection then, on the assumption that all clients are known?
dr|z3d
depends on your threat model. "ideal" is a movable feast.
SilicaRice
a malicious client could leak the leaseset, at which point you just nuke the destination. all the other clients would still be able to connect normally but any DDoSers wouldn't.