Y
Hacker News
new
|
ask
|
show
|
jobs
by
fs111
432 days ago
Load on the underlying infrastructure is a concern. The signing keys are all in HSMs and don't scale infinitely.
1 comments
bob1029
432 days ago
How does cycling out certificates more frequently
reduce
the load on HSMs?
link
timmytokyo
432 days ago
It's all relative. A 47-day cycle increases the load, but a 48-hour cycle would increase it substantially more.
link
woodruffw
431 days ago
Much of the HSM load within a CA is OCSP signing, not subscriber cert issuance.
link