Mozilla on CRLite


Introducing CRLite: All of the Web PKI’s revocations, compressed
CRLite is a technology proposed by a group of researchers at the IEEE Symposium on Security and Privacy 2017 that compresses revocation information so effectively that 300 megabytes of revocation data can become 1 megabyte. It accomplishes this by combining Certificate Transparency data and Internet scan results with cascading Bloom filters, building a data structure that is reliable, easy to verify, and easy to update.
Since December, Firefox Nightly has been shipping with CRLite, collecting telemetry on its effectiveness and speed. As can be imagined, replacing a network round-trip with local lookups makes for a substantial performance improvement. Mozilla currently updates the CRLite dataset four times per day, although not all updates are currently delivered to clients.
The End-to-End Design of CRLite
CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of the Online Certificate Status Protocol (OCSP) while avoiding a need for some administrative decisions on the relative value of one revocation versus another. For details on the background of CRLite, see our first post, Introducing CRLite: All of the Web PKI’s revocations, compressed.
To discuss CRLite’s design, let’s first discuss the input data, and from that we can discuss how the system is made reliable.

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

