asciilifeform: rereading http://btcbase.org/log/2018-10-02#1857215 -- if you actually gotta take 'new rsa key' from allcomers, and there is no way to have'em know a seekrit bitstring prior , then yes afaik it is impossible to do better than mircea_popescu's algo. ( it is unclear to me what's to prevent enemy from swamping your system with new acct requests and giving you 9000 TB of rsa keys to store, but possibly i missed a detail )☝︎
asciilifeform: and pretty sure i grasp the priors. for instance, the proggy i originally wrote the udp thing for, operated in 64kB chunks.
asciilifeform: my observation is strictly in re linux defragger gives you no way to filter, whereas hand-sewn -- would. but it is not my intention to prevent folx from pissing on erry possible electric fence, i'ma leave it there.
asciilifeform: ( he can send, but it gets tossed in O(1) )
asciilifeform: attacker can't send anyffing unless he has a valid key
asciilifeform: the way i'd do it, is to have e.g. 1400 byte packets , and they're authenticated (e.g. client gets seekrit 512bit turd, and keccak(turd + payload) is a field in those 1400) , and ~then~ there is a flag for whether the packet is part of a e.g. 8 byte sequence that gotta reasm, or not .
asciilifeform: once you have any substantial traffic density, it'll simply start dropping.
asciilifeform: mircea_popescu: realize that the linux frag reassembler doesn't give you anything near GB buffer
asciilifeform: diana_coman: imho i described the problem with using linux's fragger/defragger in sufficient detail, would rather not clutter the log with a repeat
asciilifeform: and that you can then use fyootoor fragless ip stack . is all.
asciilifeform: that you can throw out obvious crapola
asciilifeform: whereas if you rely on the udp fragger, only 1 in 4 chunks does, and the rest are not mechanically filtrable.
asciilifeform: right but if you reasm in own proggy, the chunks actually carry the port # and origin ip.
asciilifeform: i'd still rather reasm'em in the proggy itself, rather than baking in a perma-reliance on the linux nonsense. but i suppose is easy to say, but moar work to actually bake.
asciilifeform: mircea_popescu: hm if this is so, then i have nfi why you'd want to try an' shorten packets
asciilifeform: diana_coman: given that you have rsa in there also, how do you intend to make'em shorter ? or is this strictly re the serpent payloads
asciilifeform: ultimately it's diana_coman's proggy, not mine, i can only recommend. imho fixed packets make the coad 9000x simpler, and simplify crapola filtration also. but if diana_coman's application absolutely gotta vary the lengths, then do it..
asciilifeform: at least, it dun seem to exist in any of my clients
asciilifeform: mircea_popescu: i'm not aware of colour in irc
asciilifeform: ( i recently read a old ru treatise re subj, will dig up the link if anybody really wants )
asciilifeform: the moar astonishing phact, is that the punishment was typically administered by ~two~ whippers, and they'd have to coordinate re 'speshul order'.
asciilifeform: ( the skill lay in administering 'just right' amt of thrashing, to turn a '10 strokes' into a death sentence, or 200 into survivable/educational )
asciilifeform: word ended up generic 'whip' in modern ru, but there was a specific item, and whipper was considered skilled trade, with year+ apprenticeship
asciilifeform: funnily enuff, the historical/trad ru кнут was considered 'proprietary tech', all examples were inventoried, and afaik none survived the 19th c prohibition on the whipping
asciilifeform: so as far as ro, exquisite hippo leather..
