There could be many different issue related signals: Payment required for instance.
What is an abusive rate may depend on the source. Some large ISPs might generate a number of requests that might be considered a DoS attack coming from a residential IP. On Mon, Mar 21, 2016 at 6:45 PM, Niklas Keller <[email protected]> wrote: >> Niklas, >> >> When there are multiple kinds of rate limits affecting the current >> transaction, would you imagine that these headers should only >> illustrate the most restrictive? For example, Let's Encrypt has both >> "per-FQDN" and "per-Registered Domain" limits active now, each with a >> different state. > > > Didn't have time to think about it yet, but having only the most restrictive > limit sounds good. > >> >> I'd like to avoid a meta-language inside the headers, certainly. I'd >> also like whatever we add to be useful. Perhaps there should be a >> "RateLimit-Name" header to define which limit is being described? >> >> - J.C. > > > Will it be possible to standardize all names? Other CAs may use other rate > limits. So should `RateLimit-Name` be a code or a human readable message? > > Regards, Niklas > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
