[edave64]

The fact that indirect messages are marked as unverifiable "hearsay" (seemingly regardless of how many peers confirm it), the fact you can only join the network if you peer with someone, and the bounce limit seems to imply that you would want to peer very liberally.

And the trick is that you can't just be DOSed by a peer, you can be DDOSed by the peers of your peers of your peers, as I see it.

[asciilifeform]

Indirect messages must be marked as hearsay, given as (barring the use of asymmetric crypto, which is AFAIK impossible to carry out at Gb+/s line-rate without specialized hardware) there is no way to verify, in any useful sense, their authorship.

The most that can be done to infer authenticity of indirect messages is to see whether such a message rejects the authorship of a known previous message having the same handle -- via the SelfChain. In virtually any case of handle collision, this will occur.

Re: floods -- a station only processes messages from a peer. So in fact in all cases the proximate cause of a flood is identifiable, and you can "UNPEER" and "GAG" him.

Flooding by a peer is annoying, but is not what people normally think of as "DDOS" (normally the term implies a flood of rubbish received directly from unauthenticated third parties.)

How liberally to peer -- is a matter for an individual station operator. Peering with every passing acquaintance has obvious down-sides.