DRKey: Additional error type in the level 1 key fetching protocol

[marcfrei]

Consider introducing an additional error type in the level 1 key fetching protocol which enables a given AS to report that it will no longer provide level 1 keys to the requesting AS. I.e., introduce some kind of "permanent error" in the protocol so that client ASes can adapt their behavior accordingly.

This issue should mainly serve as a reminder to think again about the possible error scenarios in the DRKey protocol. It's not clear yet, whether the suggestion above is really needed.

[matzf]

gRPC allows to return different error codes out of the box. The appropriate error code could be PermissionDenied or ResourceExhausted.

[JordiSubira]

I've just come across this issue right now. At the moment any AS can request Lvl1Keys, one first step might be loading a blacklist from the DRKey configuration. Ideally, this list should be dynamically provided to the DRKey service, although this might need further discussion.

gRPC allows to return different error codes out of the box. The appropriate error code could be PermissionDenied or ResourceExhausted.

Yes, it seems a great idea to leverage those errors.