Merge branch 'main' of git.sigsum.org:sigsum

1 files changed, 33 insertions, 0 deletions

diff --git a/doc/proposals/2022-07-replace-domain-hint-with-rate-limit.md b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit.md
new file mode 100644
index 0000000..c1570c9
--- /dev/null
+++ b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit.md
@@ -0,0 +1,33 @@
+# Proposal
+
+Replace the "domain_hint" key in the input to the add-leaf endpoint with
+"rate-limit".  The value associated with the "rate-limit" key is on the format:
+
+    method:data
+
+where the defined methods are:
+
+  - dns: the exact same semantics as today's domain hint
+  - token: a shared secret that is negotiated between submitter and the log
+    operator out-of-band
+
+Example of a rate-limit line using DNS:
+
+    rate_limit=dns:_sigsum_v0.example.org
+
+Example of a rate-limit line using token:
+
+    rate_limit=token:xxxxxxxxxxxxxxxxxxxxxx
+
+The "rate_limt" key must not be repeated.
+
+The "rate_limit" key may be omitted.  It is then up to the log server to accept
+or reject the user's requests.
+
+# Motivation
+
+There are more ways to establish something to rate-limit on than domain hints.
+The name "domain_hint" is also not descrptive; it makes understanding harder.
+
+It is also plausible that a log operator wants to run without a rate limit in
+some environments.  The above change permits this as well.