I am not going to pretend that I fully understand the DDoS mitigations yet, but experience at two jobs has taught me that at least three entire countries essentially present themselves from behind small numbers of heavily NATed addresses, so I hope that the mitigations are NAT-friendly.

ISTR that UAE and Singapore are two such, I forget the third?

-a


On 2 Feb 2018 00:10, "A. Johnson" <aaron.m.johnson@nrl.navy.mil> wrote:
Because the circuit-creation limit is applied at the guard, wouldn’t this affect hidden sevices instead of single onion services?