frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

mTLS vs. HTTP Message Signatures: Tradeoffs in Securing HTTP Requests

2•getvictor•4h ago
I’ve been comparing two approaches to authenticating HTTP requests: mTLS and HTTP Message Signatures (like RFC 9421).

mTLS is fast and handled by the TLS layer, but has deployment complexity (e.g. certs, termination). HTTP signatures offer more flexibility at the app layer, but require custom logic and replay protection.

Currently, I'm on the HTTP Message Signatures train since it provides more flexibility to an app developer like me, and I don't have to worry about infrastructure such as load balancers. I can decide which API endpoints need signatures and which parts of the request will be signed.

Curious what others are using in production. How are you securing requests between services or devices? Any lessons from trying both?

Comments

p_ing•3h ago
No sane infrastructure engineer would let you do anything other than TLS in production. Devs are largely untrusted to get security correct.
getvictor•2h ago
Yes, I'm assuming you're always running TLS. The question is whether to use mTLS (mutual TLS) vs HTTP message signatures to verify that the request is coming from a trusted client.

High Performance Image Sensor Processing Using FPGA [pdf]

https://oda.uni-obuda.hu/bitstream/handle/20.500.14044/10350/Gabor_S_Becker_ertekezes.pdf
2•teleforce•3m ago•0 comments

Instrumentation Score for OpenTelemetry

https://instrumentation-score.com/
1•pranay01•4m ago•0 comments

Show HN: I built a website to summarize Tech Twitter each day

https://www.todayontechtwitter.com
1•nsomani•4m ago•0 comments

America has two labor markets now

https://www.axios.com/2025/07/06/unemployment-job-market-education-health-care
1•ryan_j_naughton•6m ago•0 comments

Nvidia embarks on huge investment in Israel

https://en.globes.co.il/en/article-nvidia-embarks-on-huge-investment-in-israel-1001515005
1•myth_drannon•8m ago•0 comments

Web3 Onboarding Was a Flop – and Thank Goodness

https://tomhadley.link/blog/web3-onboarding-flop
2•solumos•9m ago•0 comments

Massive study detects AI fingerprints in millions of scientific papers

https://phys.org/news/2025-07-massive-ai-fingerprints-millions-scientific.html
3•pseudolus•13m ago•0 comments

Show HN: DeepSky, a New AI Business Agent

https://deepsky.ai/
2•chrchang510•18m ago•0 comments

CyBearsCTF 2019: Block Dude Writeup

https://greenbender.github.io/ctf-writeup/post-cybearsctf-2019-writeup-blockdude/
2•thornjm•22m ago•1 comments

The Weirdest People in the World

https://weirdpeople.fas.harvard.edu/qa-weird
3•ghssds•22m ago•0 comments

SVG Icons Library

https://bruhgrow.com/tools/svg-icons
5•mdanassaif•38m ago•2 comments

Archaeologists in Peru unveil 3,500 year old city that linked coast and Andes

https://www.reuters.com/science/archaeologists-peru-unveil-3500-year-old-city-that-linked-coast-andes-2025-07-03/
4•wslh•42m ago•0 comments

ECC SystemVerilog Generator

https://github.com/siliscale/ECC-SV_Generator
3•marcux95•44m ago•0 comments

Migrating the Jira Database Platform to AWS Aurora

https://www.atlassian.com/blog/atlassian-engineering/migrating-jira-database-platform-to-aws-aurora
5•defrost•51m ago•0 comments

She Wanted to Save the World from A.I. Then the Killings Started

https://www.nytimes.com/2025/07/06/business/ziz-lasota-zizians-rationalists.html
5•davidklemke•54m ago•1 comments

New Intel E610 NICs Shown for Low Power 10Gbase-T and 2.5GbE

https://www.servethehome.com/new-intel-e610-nics-shown-for-low-power-10gbase-t-and-2-5gbe/
3•ksec•59m ago•1 comments

Apple Lisa conversion to Macintosh XL Do-it-Yourself Guide (1990) [pdf]

https://mirrors.apple2.org.za/ftp.apple.asimov.net/documentation/applelisa/Lisa_Do-It-Yourself_Guide.pdf
2•gscott•1h ago•1 comments

OpenBSD on the 2020 M1 MacBook Air (2022)

http://kernelpanic.life/hardware/openbsd-m1-macbook-air.html
5•bradley_taunt•1h ago•0 comments

The Human Use of Human Beings

https://en.wikipedia.org/wiki/The_Human_Use_of_Human_Beings
3•downboots•1h ago•0 comments

Waterbot – a discord bot that controls pins on a raspberry with natural language

https://github.com/fclaude/waterbot
2•fclaude•1h ago•0 comments

Anthropic wins key US ruling on AI training in authors' copyright lawsuit

https://www.reuters.com/legal/litigation/anthropic-wins-key-ruling-ai-authors-copyright-lawsuit-2025-06-24/
6•pyman•1h ago•3 comments

Free AI Hiring Demo – Paraform

https://paraform-genie-magic.lovable.app/
2•lkhoshnevis•1h ago•1 comments

One Year with a Framework Laptop 16 and Fedora KDE Plasma Desktop

https://linhpham.org/blog/2025/one-year-with-framework-laptop-16-fedora-kde-desktop/
5•nmstoker•1h ago•0 comments

Plasma 6.4 Wayland vs. X11, processor and power benchmarks

https://www.dedoimedo.com/computers/plasma-6-4-performance-wayland-x11-power-cpu-kernel.html
8•airhangerf15•1h ago•0 comments

The Dangers of AI Personalization

https://time.com/7296719/ai-personalization-harm-essay/
3•malshe•1h ago•0 comments

The Mental Model of Server Components

https://saewitz.com/the-mental-model-of-server-components
2•PaulHoule•1h ago•0 comments

Show HN: A pure photo collage tool

https://imagesplitter.org/merge-images
2•panyanyany•1h ago•0 comments

Attabotics CEO on devastating week that brought bankruptcy

https://retailtechinnovationhub.com/home/2025/7/6/attabotics-ceo-scott-gravelle-opens-up-about-devastating-week-that-saw-bankruptcy-and-tesco-deal
10•bcantrill•1h ago•5 comments

Show HN: A Language Server Implementation for SystemD Unit Files

https://github.com/JFryy/systemd-lsp
3•arandomhuman•1h ago•0 comments

Self-Cleaning Ants

https://gbragafibra.github.io/2025/07/06/collatz_ant6.html
3•Fibra•1h ago•0 comments