
Ratelimit submission of old certificates

Open mcpherrinm opened this issue 8 months ago • 2 comments

One way to DoS a CT log would be bulk submission of old entries from another log.

It would be good to ratelimit submission of "old" entries. The Baseline Requirements allow backdating of up to 48 hours, so that's a reasonable threshold to consider an entry "old". Generally I'd expect submission of old certificates to be relatively low.

I don't have strong opinions on how to express the rate limit.

mcpherrinm, May 12 '25 19:05

Since our write ratelimit is the pool size, we can just reserve part of it for only new certificates.

FiloSottile, May 12 '25 19:05

One thing I was considering was that we could prioritize "old" entries behind new ones in some way, so we can fill the pool each sequencing operation, and only drop old entries if the pool would otherwise be full.

mcpherrinm, May 12 '25 19:05
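An added sketch, not Sunlight's code and not written by either commenter, that combines the two ideas in the thread: a fixed-size pool that reserves slots for new certificates and lets a new entry displace a queued old one when the pool is full. `Entry`, `Pool`, `ReserveNew` and classifying an entry as old by comparing `NotBefore` with the 48-hour threshold are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// oldAfter is the 48-hour backdating allowance cited in the issue.
const oldAfter = 48 * time.Hour

// Entry is a hypothetical pending submission; only NotBefore matters here.
type Entry struct {
	ID        string
	NotBefore time.Time
}

// Pool is a hypothetical fixed-size pool; old entries never take ReserveNew slots.
type Pool struct {
	Cap, ReserveNew int
	fresh, old      []Entry
}

// Add reports whether e was admitted and, when a new entry displaced a
// queued old one from a full pool, the ID of the displaced entry.
func (p *Pool) Add(e Entry, now time.Time) (ok bool, evicted string) {
	full := len(p.fresh)+len(p.old) >= p.Cap
	if now.Sub(e.NotBefore) > oldAfter { // "old" per the issue's threshold
		if full || len(p.old) >= p.Cap-p.ReserveNew {
			return false, "" // caller would answer with a rate-limit error
		}
		p.old = append(p.old, e)
		return true, ""
	}
	if full {
		if len(p.old) == 0 {
			return false, "" // pool already full of new entries
		}
		last := len(p.old) - 1 // displace the most recently queued old entry
		evicted, p.old = p.old[last].ID, p.old[:last]
	}
	p.fresh = append(p.fresh, e)
	return true, evicted
}

func main() {
	now := time.Date(2025, 5, 12, 19, 0, 0, 0, time.UTC) // constructed clock
	p := &Pool{Cap: 4, ReserveNew: 2}
	ok, _ := p.Add(Entry{ID: "old-0", NotBefore: now.Add(-72 * time.Hour)}, now)
	fmt.Println("old entry admitted:", ok)
}
```

With `ReserveNew` set to 0 the pool behaves like the pure prioritization idea: old entries can fill it and are dropped only when a new entry needs the slot.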