CRLite: Certificate Revocation Checking in Firefox

https://news.ycombinator.com/rss Hits: 7
Summary

Firefox is now the first and only browser to deploy fast and comprehensive certificate revocation checking that does not reveal your browsing activity to anyone (not even to Mozilla).

Tens of millions of TLS server certificates are issued each day to secure communications between browsers and websites. These certificates are the cornerstones of ubiquitous encryption and a key part of our vision for the web. While a certificate can be valid for up to 398 days, it can also be revoked at any point in its lifetime. A revoked certificate poses a serious security risk and should not be trusted to authenticate a server.

Identifying a revoked certificate is difficult because information needs to flow from the certificate's issuer out to each browser. There are basically two ways to handle this: the browser either asks an authority in real time about each certificate it encounters, or it maintains a frequently-updated list of revoked certificates. Firefox's new mechanism, CRLite, has made the latter strategy feasible for the first time. With CRLite, Firefox periodically downloads a compact encoding of the set of all revoked certificates that appear in Certificate Transparency logs. Firefox stores this encoding locally, updates it every 12 hours, and queries it privately every time a new TLS connection is created.

You may have heard that revocation is broken or that revocation doesn't work. For a long time, the web was stuck with bad tradeoffs between security, privacy, and reliability in this space. That's no longer the case. We enabled CRLite for all Firefox desktop (Windows, Linux, macOS) users starting in Firefox 137, and we have seen that it makes revocation checking functional, reliable, and performant. We are hopeful that we can replicate our success in other, more constrained, environments as well.
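An added illustration of why a compact, locally queried encoding is feasible once the full set of CT-logged certificates is known at build time: the original CRLite design is a Bloom filter cascade, sketched here in Python. This is example code, not Mozilla's or Firefox's (whose production filter format differs in detail); the certificate identifiers, filter sizing and hash construction are all constructed for the demonstration.

```python
import hashlib

class Bloom:
    """Minimal Bloom filter; `salt` differs per cascade level so levels hash independently."""
    def __init__(self, n_items, salt, bits_per_item=10, k=3):
        self.m = max(64, n_items * bits_per_item)   # constructed sizing, roughly 1.7% false positives
        self.k, self.salt = k, salt
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        for i in range(self.k):
            h = hashlib.sha256(f"{self.salt}:{i}:{item}".encode()).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

def build_cascade(revoked, unrevoked):
    """Level 0 holds every revoked cert; level 1 holds the unrevoked certs that level 0
    falsely matches; level 2 holds the revoked certs that level 1 falsely matches; and so
    on until a level produces no false positives. This only works because the whole
    universe (every CT-logged certificate) is known when the cascade is built."""
    levels, include, exclude = [], set(revoked), set(unrevoked)
    while include:
        bf = Bloom(len(include), salt=len(levels))
        for cert in include:
            bf.add(cert)
        levels.append(bf)
        include, exclude = {c for c in exclude if c in bf}, include
    return levels

def is_revoked(levels, cert):
    """Walk the levels; the first level that rejects the cert gives a definite answer.
    Only meaningful for certs that were part of the build universe."""
    for depth, bf in enumerate(levels):
        if cert not in bf:
            return depth % 2 == 1
    return len(levels) % 2 == 1

def cascade_bits(levels):
    """Total filter size in bits, far below listing each revoked serial explicitly."""
    return sum(bf.m for bf in levels)

# Constructed identifiers standing in for (issuer, serial) pairs taken from CT logs.
REVOKED = {f"revoked-serial-{i}" for i in range(50)}
UNREVOKED = {f"valid-serial-{i}" for i in range(2000)}
CASCADE = build_cascade(REVOKED, UNREVOKED)
```

Querying the cascade is a handful of local hash lookups, so no issuer learns which site was visited; a certificate outside the build universe cannot be answered this way, which is why the encoding is scoped to certificates that appear in CT logs.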
Better privacy and performance

Prior to version 137, Firefox used the Online Certificate Status Protocol (OCSP) to ask authorities about revocation...

First seen: 2025-08-19 17:58

Last seen: 2025-08-20 00:02