@eyedeekay
&eche|on
&zzz
+FreefallHeavens
+R4SAS
+RN
+Romster
+acetone
+cims
+dr|z3d
+hagen
+nilbog
+orignal
+postman
+qend-irc2p
+snex
+wodencafe
Arch
Dann
Holmes
Irc2PGuest12976
Irc2PGuest1526
Irc2PGuest28234
Irc2PGuest3143
Irc2PGuest32287
Irc2PGuest51098
Irc2PGuest57041
NiceBoat
OfficialCIA_
Onn4l7h
Onn4|7h
Over
SilentWave
Sisyphus
Sleepy
Wikk__
Zapek
aargh4
ac9f
ahiru
ananas_
calamares_
dr4wd3
duanin2
fa
hamstring1540
leopold_
mahlay
makoto
n2_
not_bob_afk2
poriori
pory
profetikla
r00tobo_BNC
rapidash
test3847473
thetia
unit86
uop23ip
user1
vivid_reader56
x74a6
zelgomer
SilicaRice
what prevents someone from leaking an encrypted LS?
dr|z3d
SilicaRice: nothing.
dr|z3d
what prevents someone from leaking a private ssh key?
SilicaRice
ohh
SilicaRice
so a combination of "friendship keys" (revokable per-client destination) with encrypted LS (revokable per-client leaseset) would be the ideal DDoS protection then, on the assumption that all clients are known?
dr|z3d
depends on your threat model. "ideal" is a movable feast.
SilicaRice
a malicious client could leak the leaseset, at which point you just nuke the destination. all the other clients would still be able to connect normally but any DDoSers wouldn't.