blob: c1570c949e52f22299048d75e22690db1348dcc3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
# Proposal
Replace the "domain_hint" key in the input to the add-leaf endpoint with
"rate-limit". The value associated with the "rate-limit" key is on the format:
method:data
where the defined methods are:
- dns: the exact same semantics as today's domain hint
- token: a shared secret that is negotiated between submitter and the log
operator out-of-band
Example of a rate-limit line using DNS:
rate_limit=dns:_sigsum_v0.example.org
Example of a rate-limit line using token:
rate_limit=token:xxxxxxxxxxxxxxxxxxxxxx
The "rate_limt" key must not be repeated.
The "rate_limit" key may be omitted. It is then up to the log server to accept
or reject the user's requests.
# Motivation
There are more ways to establish something to rate-limit on than domain hints.
The name "domain_hint" is also not descrptive; it makes understanding harder.
It is also plausible that a log operator wants to run without a rate limit in
some environments. The above change permits this as well.
|
