> Be careful though, if you relay everything, it suddenly *does* have DDoS potential...

no more than other messages such as transactions.

>Maybe require a proof-of-work then?

kind of defeats the purpose of the alert if it takes a long time to issue one.

I think leave the alert in, but relay alert messages even if they don't use the correct key.  This means that if we later decide to add new keys to the alert root trust then older clients will still relay these.

my .02btc

Will