HN Reader

Ask HN: How did Soham Parekh get so many jobs?

278 points by jshchnz 4d ago 386 comments

Ask HN: How is the tech scene in LA?

6 points by asdev 4h ago 0 comments

Ask HN: Has AWS ever surprised you with a bill?

4 points by noway_bro 4h ago 2 comments

Ask HN: How do I buy a typewriter?

5 points by indus 6h ago 11 comments

mTLS vs. HTTP Message Signatures: Tradeoffs in Securing HTTP Requests

2 points by getvictor 6h ago 2 comments

Ask HN: How to generate product docs E2E?

2 points by sarabande 9h ago 1 comments

Ask HN: Advice for Starting a Hacker Space?

28 points by pkdpic 1d ago 30 comments

ARZY-G: A token born from AI-validated usefulness (not mined, not bought)

3 points by arzykul 11h ago 0 comments

Ask HN: Worth leaving position over push to adopt vibe coding?

69 points by NotAnOtter 2d ago 86 comments

Ask HN: What Are You Working On? (June 2025)

438 points by david927 7d ago 1378 comments

Ask HN: Freelancer? Seeking freelancer? (July 2025)

84 points by whoishiring 5d ago 203 comments

CellularLab – A Modern Android iPerf3 App with TCP/UDP Testing and AI Analysis

2 points by abhi5h3k 16h ago 0 comments

Ask HN: Who is hiring? (July 2025)

268 points by whoishiring 5d ago 381 comments

Ask HN: How many communities HN it devs in C language?

7 points by FerkiHN 1d ago 10 comments

Proposal: GUI-first, text-based mechanical CAD inspired by software engineering

3 points by thinkmachyx 1d ago 4 comments

Ask HN: Who wants to be hired? (July 2025)

128 points by whoishiring 5d ago 364 comments

Why did not numpy copy the J rank concept?

14 points by jrank 1d ago 6 comments

Ask HN: What's the 2025 stack for a self-hosted photo library with local AI?

224 points by jamesxv7 6d ago 120 comments

Tell HN: A fake, highly obfuscated Solidity VSCode plugin found on marketplace

14 points by navad 1d ago 1 comments

Looking for Early Testers for a AI Assistant Inside Zotero

10 points by jie6 2d ago 1 comments

Go-msquic: v0.11 is out

2 points by noboruma 13h ago 0 comments

Ask HN: Is there a business for extracting US tech talent?

27 points by Arubis 3d ago 37 comments

Super Simple "Hallucination Traps" to detect interview cheaters

29 points by EliotHerbst 4d ago 37 comments

Ask HN: What clever tools/scripts do you use to manage development environments?

9 points by sebst 1d ago 13 comments

Ask HN: How do you sell to B2B in current state of AI?

4 points by salesdo 1d ago 6 comments

1KB JavaScript Demoscene Challenge Just Launched

115 points by babakode 5d ago 31 comments

If Emacs is not a text editor, then what is it really?

4 points by hushangazar 2d ago 2 comments

Ask HN: Are there any good WASM-based sites for learning Bash, Linux and CLI?

8 points by brightbeige 2d ago 2 comments

Ask HN: Requests for Software – have something you want built?

9 points by NewUser76312 1d ago 7 comments

Ask HN: What are the best resources to help with health insurance denials?

10 points by cigna 3d ago 11 comments

Ask HN: Can't Figure Out Where to Go Next Career Wise

4 points by OulaX 1d ago 3 comments

Ask HN: Why there is no demand for my SaaS when competition is killing it?

33 points by drvroom 4d ago 33 comments

OT Devices Exposed Online Without Authentication – Research Disclosure

3 points by hacker_might 1d ago 0 comments

Ask HN: What are non-social media ways to share photography/art

6 points by rPlayer6554 2d ago 9 comments

Ask HN: How do companies like OpenAI, Perplexity fine tune rich output?

7 points by agaase19 2d ago 3 comments

Ask HN: What are good questions to ask in a remote round in post GPT era?

7 points by ashu1461 3d ago 18 comments

Ask HN: Ideas to acquire "good taste" in programming?

11 points by danielciocirlan 3d ago 11 comments

A client wants to buy old SaaS app – smart move or risk?

6 points by AbbeyRoadRunner 2d ago 7 comments

Ask HN: I give in, what are the resources for picking up AI-assisted coding?

4 points by dhosek 3d ago 7 comments

Ask HN: What codebase would you like to see rewritten, updated, or modernized?

6 points by globnomulous 2d ago 8 comments

Ask HN: Why privacy consent is NOT part of Browser setting?

4 points by the_arun 4d ago 6 comments

Ask HN: Are AI Copilots Eroding Our Programming Skills?

8 points by buscoideais 4d ago 13 comments

Ask HN: How did low contrast text become so pervasive?

22 points by mr-pink 7d ago 26 comments

Ask HN: How to Block Spam Mails?

7 points by mpaepper 4d ago 8 comments

Ask HN: How have you shared computers with your young child (~3 to 5)

18 points by msencenb 6d ago 16 comments

Ask HN: How to make money with SaaS without network or VC funding?

6 points by squareloop 3d ago 8 comments

Ask HN: How are startups dealing with key talent poaching?

4 points by dbreunig 3d ago 2 comments

mTLS vs. HTTP Message Signatures: Tradeoffs in Securing HTTP Requests

2 getvictor 2 7/6/2025, 10:17:34 PM
I’ve been comparing two approaches to authenticating HTTP requests: mTLS and HTTP Message Signatures (like RFC 9421).

mTLS is fast and handled by the TLS layer, but has deployment complexity (e.g. certs, termination). HTTP signatures offer more flexibility at the app layer, but require custom logic and replay protection.

Currently, I'm on the HTTP Message Signatures train since it provides more flexibility to an app developer like me, and I don't have to worry about infrastructure such as load balancers. I can decide which API endpoints need signatures and which parts of the request will be signed.

Curious what others are using in production. How are you securing requests between services or devices? Any lessons from trying both?

Comments (2)

p_ing · 6h ago
No sane infrastructure engineer would let you do anything other than TLS in production. Devs are largely untrusted to get security correct.
getvictor · 5h ago
Yes, I'm assuming you're always running TLS. The question is whether to use mTLS (mutual TLS) vs HTTP message signatures to verify that the request is coming from a trusted client.