CryptoDB
Toward revocation checking that works
Authors: John Schanck

Abstract: CRLite is a low-bandwidth, low-latency, privacy-preserving mechanism for distributing certificate revocation data. The system was originally described by Larisch, Choffnes, Levin, Maggs, Mislove, and Wilson at IEEE S&P in 2017. It was implemented by Mozilla shortly thereafter, and aspects of Mozilla’s implementation were presented by Thyla van der Merwe at RWC 2020. Firefox users have had the option to enable CRLite since September 2019 / Firefox 69. However, until very recently, the system was only enabled by default for Firefox Nightly users and 1% of Firefox Release users. The bandwidth costs of the system, while modest in theory, were not low enough for Mozilla, or Firefox users, to accept. This talk will highlight a combination of technical innovations and policy changes that have put us on the path to enabling CRLite for all of our users. Our new implementation of CRLite encodes the set of all revoked certificates in a 6.7 MB package, 54% smaller than our original implementation of CRLite and 21% smaller than a widely-cited lower bound. Our implementation also produces differential updates that describe the certificates that were revoked in the previous 6 hours. The average size of these differential updates is about 25 kB. This talk will also describe the path ahead of us. If CT log operators switch to the Static CT API and the CA/B Forum reduces the maximum validity period of WebPKI certificates to 90 days, we believe that a software client will be able to track all revocations, at 6-hour latency, by downloading approximately 100 kB of revocation data per day.
BibTeX:

@misc{rwc-2025-35873,
  title={Toward revocation checking that works},
  howpublished={Talk given at RWC 2025},
  author={John Schanck},
  year=2025
}