Skip to main content

Search

Items tagged with: WebPKI


New blog post: Post-OCSP certificate revocation in the Web PKI.

With OCSP in all forms going away, I decided to look at the history and possible futures of certificate revocation in the Web PKI. I also threw in some of my own proposals to work alongside existing ones.

I think this is the most comprehensive current look at certificate revocation right now.


#security #WebPKI #LetsEncrypt #TLS #OCSP


For a blog post I’m writing about dealing with certificate revocation, here are the topics I’m covering:

  • OCSP (inc. stapling, must-staple, the never-adopted expect-staple, discontinuation from BoringSSL and Let’s Encrypt)
  • CRLs, inc. CRLite, CRLSets, and Let’s Revoke.
  • Short-lived certs (inc. ACME-STAR, Delegated Credentials, and notAfter)

Anything else I should cover?

#WebPKI #TLS


Do you like security? Do you like privacy? Cryptography? Do you like working for a public benefit non-profit instead of an investor-beholden corporation?

Let's Encrypt is hiring for someone to join our SRE team and help run the largest Certificate Authority in the world! Come work with me and some of the most wonderful folks in tech, to make the web a better place.

abetterinternet.org/careers/le…

#jobs #sre #webPKI #security #privacy #cryptography