From 9939d41f37ff2b1b246eb62c7c54393f1be3e18e Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus@mullvad.net>
Date: Wed, 20 Jul 2022 15:00:10 +0200
Subject: add replace domain hint with rate limit proposal

---
 .../2022-07-replace-domain-hint-with-rate-limit    | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 doc/proposals/2022-07-replace-domain-hint-with-rate-limit

(limited to 'doc/proposals')

diff --git a/doc/proposals/2022-07-replace-domain-hint-with-rate-limit b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit
new file mode 100644
index 0000000..c1570c9
--- /dev/null
+++ b/doc/proposals/2022-07-replace-domain-hint-with-rate-limit
@@ -0,0 +1,33 @@
+# Proposal
+
+Replace the "domain_hint" key in the input to the add-leaf endpoint with
+"rate-limit".  The value associated with the "rate-limit" key is on the format:
+
+    method:data
+
+where the defined methods are:
+
+  - dns: the exact same semantics as today's domain hint
+  - token: a shared secret that is negotiated between submitter and the log
+    operator out-of-band
+
+Example of a rate-limit line using DNS:
+
+    rate_limit=dns:_sigsum_v0.example.org
+
+Example of a rate-limit line using token:
+
+    rate_limit=token:xxxxxxxxxxxxxxxxxxxxxx
+
+The "rate_limt" key must not be repeated.
+
+The "rate_limit" key may be omitted.  It is then up to the log server to accept
+or reject the user's requests.
+
+# Motivation
+
+There are more ways to establish something to rate-limit on than domain hints.
+The name "domain_hint" is also not descrptive; it makes understanding harder.
+
+It is also plausible that a log operator wants to run without a rate limit in
+some environments.  The above change permits this as well.
-- 
cgit v1.2.3