this post was submitted on 16 Oct 2024
192 points (91.4% liked)

Technology

59419 readers
5127 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] vk6flab@lemmy.radio 67 points 1 month ago (21 children)

I'm sorry, but has no-one heard of https://letsencrypt.org that issues certificates via API for free?

I would not be surprised if certificates at some point will be issued for each session.

[–] thesmokingman@programming.dev 2 points 1 month ago (1 children)

AWS makes this impossible in a few places such as a fair number of ACM use-cases.

I think your cert-per-session idea is interesting. We’d need significant throughput and processing boosts to make that happen, probably at least on the order of 10X computing speeds and 10X transmission speeds across the board minimum. These operations are computationally intense and add data to the wire so, for example, a simple Lemmy server with hundreds of users slows to a crawl and a larger site eg Mastodon goes to dialup speeds or worse. You can test at home by trying to generate an x509 self-signed cert before connecting to a website every time.

[–] vk6flab@lemmy.radio 1 points 1 month ago

Well AWS ACM already automates this, so if the renewal period gets shortened, I'm guessing that this will be updated to suit, unless I'm misunderstanding your point.

I hadn't considered the CPU load, but that's a fair point. I'm guessing that a suitable piece of code will utilise specialised hardware, or perhaps leverage the GPU or just in time SSL certificates will become a thing.

load more comments (19 replies)