Imagine the following setup:
A delegate is running behind a firewall, being able to connect ONLY to specific peers list (relays, spread throughout the world) owned by the delegate's owner.
Each relay does not share the delegate's IP with its peers. (Is this implemented? Will it be?)
The result should be private delegate IP known only to the relays (which are owned by the same person).
A consequence should be that DDOS attack against any of the relays will not stop the delegate from producing blocks. In order to stop the delegate you should either DDOS its IP (which is unknown) or take down all the relays (GL with that).
Am I correct?
If hiding peer's IP (relay not sharing the delegate's IP) is already implemented - how to enable it ?