HSM signing capacity is not infinite, and HSMs are expensive, but the real issue is just general DOS attacks. We aren't anywhere near our HSM capacity at the moment.
It's easy to set up tons of subdomains and request gobs of certs, which generally eats into the resources we have (database, bandwidth, HSMs). We need to limit that behavior to make sure legitimate users are getting good service.
It's easy to set up tons of subdomains and request gobs of certs, which generally eats into the resources we have (database, bandwidth, HSMs). We need to limit that behavior to make sure legitimate users are getting good service.