arianvanp a day ago

Okay but hear me out

If we teach systemd socket activation to do TLS handshakes we can completely offload TLS encryption to the kernel (and network devices) and you get all of this for free.

It's actually not a crazy idea in the world of kTLS to centralize TLS handshaking into systems.

johannes1234321 a day ago | parent [-]

Oh, I remember my Solaris fanboys praising Kernel-Level TLS as it reduced context switching by a lot. I believe they even had a patched OpenSSL making this transparent to OpenSSL-based applications.

Linux seems to offer such facilities, too. I never use it to my knowledge, though (might be that some app used it in the background?) https://lwn.net/Articles/892216/

reactordev a day ago | parent [-]

Why stop there? Why not sign and verify off the mother of all root CAs, your TPM 2.0 Module EEPROM?

(fun to walk down through the trees and the silicon desert of despair, to the land of the ROM, where things can never change)