• [$] Linux's missing CRL infrastructure

    From LWN.net@1337:1/100 to All on Mon Aug 25 16:00:10 2025
    [$] Linux's missing CRL infrastructure

    Date:
    Mon, 25 Aug 2025 14:52:54 +0000

    Description:
    In July 2024, Let's Encrypt, the nonprofit TLS certificate authority (CA),
    announced that it would be ending support for the online certificate status
    protocol (OCSP), which is used to determine when a server's signing
    certificate has been revoked. This prevents a compromised key from being
    used to impersonate a web server. The organization cited privacy concerns,
    and recommended that people rely on certificate revocation lists (CRLs)
    instead. On August 6, Let's Encrypt followed through and disabled its OCSP
    service. This poses a problem for Linux systems that must now rely on CRLs
    because, unlike on other operating systems, there is no standardized way
    for Linux programs to share a CRL cache.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1033809/


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)