tfpauly / privacy-proxy

Specifications for Privacy Proxy Implementations

Describe what happens if origin limit changes #203

Closed chris-wood closed 2 years ago

chris-wood commented 2 years ago

... and talk about how Attesters should deal with origin limit changes. Similar to the CLIENT_KEY, it's not unreasonable for this to change.

tfpauly commented 2 years ago

One good solution would be to limit this to have the Attester only allow the rate limit change once per policy window for a given anonymous origin — essentially once per bucket. The issuer should only change it per origin once per policy window.
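
One way an Attester could enforce the once-per-policy-window rule suggested in the comment above, as an added example that is not part of the original thread or of the privacy-proxy specifications. The class and field names, the 24-hour window, and the choice to ignore a second change (rather than fail the request) are assumptions made for the illustration.

```python
from dataclasses import dataclass

POLICY_WINDOW = 24 * 3600  # seconds; assumed window length for this illustration


@dataclass
class Bucket:
    """Attester state for one (client, anonymous origin ID) pair."""
    window_start: float
    limit: int
    count: int = 0
    limit_changed: bool = False  # has the limit already changed in this window?


class Attester:
    """Hypothetical Attester-side rate-limit state, not the spec's data model."""

    def __init__(self):
        self.buckets = {}  # (client_id, anon_origin_id) -> Bucket

    def on_token_request(self, client_id, anon_origin_id, issuer_limit, now):
        """Return True if the client may obtain another token for this bucket."""
        key = (client_id, anon_origin_id)
        b = self.buckets.get(key)
        if b is None or now - b.window_start >= POLICY_WINDOW:
            # New policy window: fresh bucket, adopt the limit the Issuer reports.
            b = self.buckets[key] = Bucket(window_start=now, limit=issuer_limit)
        elif issuer_limit != b.limit and not b.limit_changed:
            # First change inside this window: accept it and remember that we did.
            b.limit, b.limit_changed = issuer_limit, True
        # Any further change in the same window is ignored (assumed policy);
        # the bucket keeps enforcing the limit it already holds.
        if b.count >= b.limit:
            return False
        b.count += 1
        return True
```
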

tfpauly commented 2 years ago

If an origin changes its limit, the attester may be able to recognize an origin being common across clients if they all change at the same time.

We should note this and suggest that you don't change the limit for a single origin, but change it for many at a time.

The origin could also move from one issuer name to another issuer name.