
> Also, the certificate contains lengthy URLs for CRL download locations and OCSP responders, 164 bytes in total.

If you're going down that path, it's probably best to avoid revocation altogether, since it doesn't really work, and go the Let's Encrypt way: certificates with lower lifespans.

On that scale, a 15-day cert on rotation is probably fine.



That's a good point. Seems like Let's Encrypt certificates contain an OCSP URL but no CRL URL, so they are a bit smaller.



