Hacker News
by
t1o5
3178 days ago
Like a revocation list of JTIs in an in-memory distributed cache to be checked by the edge service; yes, not a bad idea, though there is a cost involved there.
1 comments
prabaths
3178 days ago
Yes - revocation is always tricky - that's why Netflix moved to short-lived certs - and forgot about cert revocation. Here is a blog I wrote on the Netflix model:
https://medium.facilelogin.com/short-lived-certificates-netf...
link
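A sketch of the JTI revocation list discussed in this thread, added as an illustration and not code from either commenter: each revoked `jti` is kept only until the token's own `exp`, so the list stays bounded by token lifetime. The names `JtiDenylist` and `edge_accepts` are hypothetical, an in-process dict stands in for the distributed cache, and the claims are assumed to come from a token whose signature was already verified.

```python
import time


class JtiDenylist:
    """Stand-in for a shared cache holding one TTL'd key per revoked jti."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._revoked = {}  # jti -> token expiry (epoch seconds)

    def revoke(self, jti, exp):
        # Keep the entry only until the token would expire anyway, so the
        # list never holds more than one token lifetime of revocations.
        if exp > self._clock():
            self._revoked[jti] = exp

    def is_revoked(self, jti):
        exp = self._revoked.get(jti)
        if exp is None:
            return False
        if exp <= self._clock():
            del self._revoked[jti]  # lazy eviction, like a cache TTL
            return False
        return True

    def size(self):
        now = self._clock()
        return sum(1 for exp in self._revoked.values() if exp > now)


def edge_accepts(claims, denylist, now):
    """Edge decision on claims whose signature was verified upstream."""
    jti, exp = claims.get("jti"), claims.get("exp")
    if jti is None or not isinstance(exp, (int, float)) or exp <= now:
        return False  # missing jti/exp, or token already expired
    try:
        return not denylist.is_revoked(jti)
    except Exception:
        return False  # cache unreachable: fail closed
```

The shorter the token lifetime, the smaller this list gets, which is the trade-off the second comment points to.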