
On Tue, Oct 13, 2009 at 6:55 PM, Vin King <vin.king@gmail.com> wrote:
> BUT, if we WERE to mask, I'd go with a static hash of the address shared among servers. Connecting server hashes it, passes it as the hostmask to all other servers. [...]

My suggestion would be to use a deterministic algorithm to compute the mask, based on hostname. Instead of passing around an extra mask between servers, all servers understand and use the same algorithm used to perform the masking (so all servers agree on mask), and present the hashed mask without need to store additional data explicitly (except they may cache for performance reasons).

However, if a need arises to change the algorithm used to calculate the masks, any change in the computed mask breaks compatibility.

But it has the advantage that, since a deterministic algorithm is used, it is possible to enforce channel bans against masked users. Especially important if users are allowed to disable masking (if they disable masking, it is necessary to still match the masked version of their hostname against channel bans, OR they can use unmasking as an evasion tool).

Effective ban checking is done either by testing both the user's real address and the masked version of their address against all channel bans and /silence entries, OR by providing some method of annotating or analyzing banlist entries, in IsBanned, so as to determine whether a REAL host or a MASK host is referenced in the ban... and always attempting to match the right version of the user's hostname against each banlist entry.

--
-J
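
The first ban-checking option from the message above (test both the real and the masked address against every ban), as an added example that is not part of the original e-mail or of any IRC server's code. It assumes HMAC-SHA256 keyed with a secret shared by all servers as the deterministic algorithm; `NETWORK_KEY`, `MASK_SUFFIX` and all function names are hypothetical.

```python
import hashlib
import hmac
import re

# Assumption: one secret configured identically on every server of the network.
NETWORK_KEY = b"constructed-example-key"
MASK_SUFFIX = ".masked.example"  # hypothetical suffix marking a masked host


def mask_host(host: str) -> str:
    """Deterministic mask: the same host and key give the same mask on every server."""
    digest = hmac.new(NETWORK_KEY, host.lower().encode(), hashlib.sha256).hexdigest()
    return digest[:16] + MASK_SUFFIX


def glob_match(pattern: str, text: str) -> bool:
    """IRC-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, text, re.IGNORECASE) is not None


def naive_is_banned(nick, user, displayed_host, banlist):
    """Checks only the host currently shown, so toggling masking evades bans."""
    return any(glob_match(ban, f"{nick}!{user}@{displayed_host}") for ban in banlist)


def is_banned(nick, user, real_host, banlist):
    """Checks the real and the masked form of the address against every ban."""
    forms = [f"{nick}!{user}@{h}" for h in (real_host, mask_host(real_host))]
    return any(glob_match(ban, form) for ban in banlist for form in forms)


# Constructed sample data.
REAL = "dsl-203-0-113-7.isp.example"
BAN_ON_MASK = ["*!*@" + mask_host(REAL)]  # ban set while the user was masked
BAN_ON_REAL = ["*!*@*.isp.example"]       # ban set against the real host

if __name__ == "__main__":
    # User was banned under the mask, then disabled masking.
    print("naive, unmasked:", naive_is_banned("nick", "user", REAL, BAN_ON_MASK))
    print("both forms     :", is_banned("nick", "user", REAL, BAN_ON_MASK))
    # User was banned by real host, then enabled masking.
    print("naive, masked  :", naive_is_banned("nick", "user", mask_host(REAL), BAN_ON_REAL))
    print("both forms     :", is_banned("nick", "user", REAL, BAN_ON_REAL))
```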