Giter Site home page Giter Site logo

Comments (3)

martinthomson avatar martinthomson commented on September 10, 2024

I have no problem with a real-time generation in response to the request. That keeps the generation load low when there are no incoming requests. Using the request to trigger generation is perfectly reasonable. If the server is stressed, and it doesn't have a pre-made cert ready, it can always respond with a 503 and a Retry-After.

As for unauthenticated requests generating load, it's easy to check how old the current cert is before starting the new one. I have no concerns here regarding strange corner cases.

Leave this to the discretion of implementers. Obviously, pre-generation is going to give you the most predictable load profile, but don't force it on everyone.

from acme-spec.

bifurcation avatar bifurcation commented on September 10, 2024

+1 to what Martin said. This is not a protocol issue, it's up to
implementors.

On Mon, Jan 26, 2015 at 11:20 PM, Martin Thomson [email protected]
wrote:

I have no problem with a real-time generation in response to the request.
That keeps the generation load low when there are no incoming requests.
Using the request to trigger generation is perfectly reasonable. If the
server is stressed, and it doesn't have a pre-made cert ready, it can
always respond with a 503 and a Retry-After.

As for unauthenticated requests generating load, it's easy to check how
old the current cert is before starting the new one. I have no concerns
here regarding strange corner cases.

Leave this to the discretion of implementers. Obviously, pre-generation is
going to give you the most predictable load profile, but don't force it on
everyone.


Reply to this email directly or view it on GitHub
#59 (comment)
.

from acme-spec.

bifurcation avatar bifurcation commented on September 10, 2024

Thinking on this further, I've had some evolution in thinking. I think it's pretty critical that refresh be client-initiated, probably using something like a new-cert transaction but specifying the base certificate and the new validity interval.

from acme-spec.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.