Post Syndicated from daroc original https://lwn.net/Articles/1033809/

In July 2024,

Let’s Encrypt, the nonprofit TLS certificate authority (CA),

announced
that it would be ending support for the

online certificate status protocol
(OCSP), which is used to determine when a server’s signing certificate has been
revoked. This prevents a compromised key from being used to impersonate a web
server.
The organization cited privacy concerns, and recommended that people
rely on

certificate revocation lists (CRLs)
instead. On August 6, Let’s Encrypt
followed through and disabled its OCSP service. This poses a
problem for Linux systems that must now rely on CRLs because, unlike on other
operating systems, there is no standardized way for Linux programs to share a
CRL cache.