
eldridgea | 2 years ago

I asked a Cloudflare engineer this and the answer was a bit vague, but amounted to the failure rate being something like 0.5%, which was too high for the amount of TLS sessions being initiated all the time.

Although I always thought it would be a nice feature for security-conscious folks to be able to enable. Or go ahead and use it on more sensitive sites only, e.g. banks.

quickthrower2|2 years ago

Which leads us back to needing caching, which needs a signatory, and a list of trusted signatories, which gets us back to certificate authorities. Gotcha :-).

stephenr|2 years ago

Caching is something DNS already has in-hand.

CMCDragonkai|2 years ago

What were the circumstances of the failures?