Simon Josefsson via Sigsum-general sigsum-general@lists.sigsum.org writes:
> So how about a rate-limiting mechanism where the Sigsum log (when it decides it wants to perform rate-limiting) returns a URL to the client which the human operating the client has to visit in a browser and perform some kind of CAPTCHA, OpenID login, OAuth exchange against GitLab/GitHub/Mastodon/whatever,
Some variant of OpenID login could perhaps make sense, with quota per id (maybe somehow using dns/publicsuffixlist-based rate limit for the openid provider, to prevent an abuser from creating millions of openid providers and millions of accounts at each provider). Do you know how that relates to how sigstore handles user identities? I've never looked into the details.
> Bitcoin transfer, credit card payment, Sudoku puzzle solver, watch commercials for 1 minute etc,
I bet selling those commercials will be very profitable :-)
Regards, /Niels
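The quota per id combined with a provider limit keyed on the public-suffix-list registrable domain, sketched as an added example that is not part of the message above or of Sigsum's code. `Limiter`, `Allow`, the quota values and the three-entry suffix table are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed stand-in for the public suffix list (a real log would load the full list).
var suffixes = map[string]bool{"org": true, "com": true, "co.uk": true}

// registrableDomain returns the longest matching public suffix plus one label.
func registrableDomain(host string) (string, error) {
	labels := strings.Split(strings.ToLower(strings.TrimSuffix(host, ".")), ".")
	for i := 1; i < len(labels); i++ {
		if suffixes[strings.Join(labels[i:], ".")] {
			return strings.Join(labels[i-1:], "."), nil
		}
	}
	return "", fmt.Errorf("no registrable domain for %q", host)
}

// Limiter is a hypothetical two-level quota covering one rate-limit window.
type Limiter struct {
	perID, perDomain int
	ids, domains     map[string]int
}

func NewLimiter(perID, perDomain int) *Limiter {
	return &Limiter{perID, perDomain, map[string]int{}, map[string]int{}}
}

// Allow charges the identity and the issuer's registrable domain, refusing if either quota is used up.
func (l *Limiter) Allow(issuer, subject string) bool {
	u, err := url.Parse(issuer)
	if err != nil || u.Scheme != "https" {
		return false
	}
	dom, err := registrableDomain(u.Hostname())
	id := issuer + "\x00" + subject
	if err != nil || l.ids[id] >= l.perID || l.domains[dom] >= l.perDomain {
		return false
	}
	l.ids[id]++
	l.domains[dom]++
	return true
}

func main() { fmt.Println(NewLimiter(2, 3).Allow("https://idp1.example.org", "alice")) }
```

Because the provider quota is counted per registrable domain, new provider hostnames under one registered domain share a single budget, and so do new accounts at any of them.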