registration limits #32
Description
Right now one can reuse same peerid for requesting certs from Let's Encrypt. Bad actors could be spammy.
We should have limits at registration.libp2p.direct/v1/_acme-challenge broker to ensure there is semi-linear cost (creating new peers and peerids) attached to batch-asking certs.
Unsure what is sensible limit, but as conversation starter:
- Nobody should need more than 10 certs per hour per peerid
Thoughts?