Today I published an update on the #Canonical supported #upki project, which brings browser-grade Public Key Infrastructure to Linux through the efficient #CRLite data format, with the core revocation engine now functional and available to test!

Beyond current progress, this post explores broader integration, performance, and future capabilities like Certificate Transparency enforcement and Merkle Tree.

This is all part of the effort to increase the resilience of #Ubuntu machines by default, but I hope it has a wider benefit on the Linux ecosystem going forward!

https://discourse.ubuntu.com/t/77063

#CertificateTransparency #PKI #Cryptography

CRLite is a fascinating piece of technology by Mozilla to handle revocations on the WebPKI, in a privacy-friendly and bandwidth ~friendy approach: it uses a new compact data-structure called Clubcards (basically Ribbon filters (enhanced Bloom filters) with partitionning): https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/

#RustLang #WebPKI #revocation #CRLite #clubcard #Firefox

Το #Firefox_CRLite ενισχύει την ασφάλεια και το απόρρητο χωρίς συμβιβασμούς

Η #Mozilla εισήγαγε ένα νέο #σύστημα_ανάκλησης πιστοποιητικών στον #Firefox_142 που ονομάζεται #CRLite. Ο κατασκευαστής του προγράμματος περιήγησης δήλωσε ότι το CRLite κάνει την #περιήγηση πιο γρήγορη, πιο #ιδιωτική και πιο #ασφαλή.

https://www.techne.gr/ams/to-firefox-crlite-enischyei-tin-asfaleia-kai-to-aporrito-choris-symvivasmoys.193/

I'll be attending the Real World Crypto Symposium in Toronto in two weeks time (#RWC), and after that, I'm once again co-organizing the Open Source Cryptography Workshop. (#OSCW2024)

I’ll also be real happy to talk about the new developments with the #Sunlight #CertificateTransparency log design, Let’s Encrypt’s new ACME Renewal Information (#ARI) draft specification, #CRLite, Rustls… all that stuff.

https://insufficient.coffee/2024/03/14/rwc-and-oscw-2024/