SPIFFE — pars pro toto — are software solutions which implement extremely short-lived certificates (on the time scale of 5 minutes expiry - by default).
It seems to be a trend in better securing workloads.
Therefore, I'd ask to implement a graceful hot-reload feature directly at the root of internet security leverage: here.
Since we partly deal with long-running processes downstream, besides empowering short-lived certificate practices, there is an argument for the amount of cache invalidations that are saved.
I haven't calculated the world's consolidated saving in man-hours (implementing "hacks" around cert reloading) and cache warm-ups (compute time), but let's just say: it would be huge.
Can I have an official stance, or should I reverberate this back to the mailing list?
EDIT: I also posted a motion on the user mailing list. There is additional information there.
I've spotted those threads on the topic:
Zeyuan's approach atomically swapping the pointers seemed interesting, but was never heard of again?