Our team is investigating how to deploy our client nodes which present the ledger API to our customers - in particular adding a proxy in front of the client nodes for rate limiting (and of course others purposes). Limiting requests sent per second to the ledger API is important but it does not protect against other types of denial of service attacks. Specifically, I could submit a very small number of requests to the command submission service and have a significant impact on the ledger. One could do a single submission which contains a million create commands, which might cause issues for our ledger. We want to find out if DA has any plan to add some type of rate limiting of commands per second (not requests per second) as part of the ledger API? Would this be a useful feature?
5 Likes
Hi @huw yes, that kind of feature is very much part of our backlog, probably in the foreseeable future, but I cannot yet give you precise timelines. Ultimately we would like a good degree of resource isolation both between parties as well as participant nodes. Ie even a malicious party on malicious participant A should not be able to interrupt service for an honest party on an honest participant.
5 Likes