• Let's Encrypt plans to drop support for OCSP.

    From LWN.net@1337:1/100 to All on Wed Jul 24 14:30:05 2024
    Let's Encrypt plans to drop support for OCSP.

    Date:
    Wed, 24 Jul 2024 13:19:41 +0000

    Description:
    Let's Encrypt has announced that it intends to end support "as soon as possible" for the Online Certificate Status Protocol (OCSP) over privacy concerns. OCSP was developed as a lighter-weight alternative to Certificate Revocation Lists (CRLs) that did not involve downloading the entire CRL in order to check whether a certificate was valid. Let's Encrypt will continue supporting OCSP as long as it is a requirement for Microsoft's Trusted Root Program, but hopes to discontinue it soon:

    We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet. When someone visits a website using a browser or other software that checks for certificate revocation via OCSP, the Certificate Authority (CA) operating the OCSP responder immediately becomes aware of which website is being visited from that visitor's particular IP address. Even when a CA intentionally does not retain this information, as is the case with Let's Encrypt, CAs could be legally compelled to collect it. CRLs do not have this issue.

    People using Let's Encrypt as their CA should, for the most part, not need to change their setups. All modern browsers support CRLs, so end-users shouldn't notice an impact either.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/982965/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)