[always_good]

What you propose is only a performance optimization at the expense of operational complexity. Like caching.

"Never" doesn't make sense.

[Xeoncross]

I guess you could simply rate-limit your login/signup if your not worried about a DoS and just want to keep people from brute-forcing a password.

On the other hand, it's not simply "a performance optimization" as there is no way for node to handle a DDoS without crazy amounts of hardware relative to what iptables|nginx can handle.

[always_good]

You're the one talking about DoS.

Notice how "rate-limiting" is a much more generic concept.

For example, Hacker News rate-limits the amount of posts you can make in a window of time. That's not because they think you're trying to DoS them.

[northvillage]

This is optimization, might as well go all out and call it caching. "never" won't even apply.