429/Too many requests
Sean LeBlanc
My1
We are starting to see "Too many requests" when we try to download a new blob.jwt from https://mds.fidoalliance.org.Are there any mirrors?
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/11d0e6d6-399d-4f60-91bb-99a9b2efaa5fn%40fidoalliance.org.
Joost van Dijk
 | |
On 30 May 2026, at 20:51, Sean LeBlanc <seanl...@gmail.com> wrote:
We are starting to see "Too many requests" when we try to download a new blob.jwt from https://mds.fidoalliance.org.Are there any mirrors?--
Sean LeBlanc
HTTP/2 200
date: Mon, 01 Jun 2026 22:53:14 GMT
content-type: text/html; charset=utf-8
server: cloudflare
cache-control: no-cache, no-store, max-age=0
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
set-cookie: ARRAffinity=7bba8ff75d917e04579ec0c572755b5f34ebcf565d04592f367d277648232dd6;Path=/;HttpOnly;Secure;Domain=mds.fidoalliance.org
set-cookie: ARRAffinitySameSite=7bba8ff75d917e04579ec0c572755b5f34ebcf565d04592f367d277648232dd6;Path=/;HttpOnly;SameSite=None;Secure;Domain=mds.fidoalliance.org
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jb4ff1zeMO6ABa%2B1T%2Bgv8%2Ft36aPmbqZxYPzVy51RTno0ntDb1awpla7Lxvlp1arKttDnl7MdTGygYMZ8ZPQiM%2Bpfp0saPnGnR6RedaqcUhzqw9mVkB2mc2NXKAp%2F5O374daF8o0%2B"}]}
cf-ray: a051cb131b2e495e-MIA
My1
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/09c6f6f5-171e-461f-b993-047dd1ddc50cn%40fidoalliance.org.
DUBOUCHER Thomas
THALES GROUP LIMITED DISTRIBUTION to email recipients
Don’t hammer the Metadata Service, you shouldn’t need to update it more than once per day (newer security keys takes weeks/months to reach market, and revocations don’t need to happen instantly).
The metadata service specification indicates the FIDO server should use:
- the response Header ETag to retrieve the current blob serial number, or directly inside the blob
- the request Header If-None-Match with the serial number of the current, or a Get parameter localCopySerial
Best regards,
|
|
|
|
|
Thomas Duboucher (he/him) |
|
Embedded Security Specialist |
|
Digital Identity and Security Thales |
|
|
see here:
Rate limiting for the MDS3 BLOB download service has been adjusted. The previous setting limited downloads to two times per minute based on the requesting IP address. The limit has been been adjusted to limit downloads to once per hour.
On 30 May 2026, at 20:51, Sean LeBlanc <seanl...@gmail.com> wrote:
We are starting to see "Too many requests" when we try to download a new blob.jwt from https://mds.fidoalliance.org.
Are there any mirrors?
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/11d0e6d6-399d-4f60-91bb-99a9b2efaa5fn%40fidoalliance.org.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/09c6f6f5-171e-461f-b993-047dd1ddc50cn%40fidoalliance.org.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
fido-dev+u...@fidoalliance.org.
