Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Load on the underlying infrastructure is a concern. The signing keys are all in HSMs and don't scale infinitely.


How does cycling out certificates more frequently reduce the load on HSMs?


It's all relative. A 47-day cycle increases the load, but a 48-hour cycle would increase it substantially more.


Much of the HSM load within a CA is OCSP signing, not subscriber cert issuance.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: