CRLite

A Scalable System for Pushing All TLS Revocations to All Browsers


CRLite is a research project focused on improving certificate revocation in the Web PKI.

About

In the Web PKI, TLS certificates are revoked by either website administrators or Certificate Authorities (CAs) when the certificate’s private key is compromised or in the wake of attacks like Heartbleed. Checking whether a certificate is revoked is difficult because the browser must either obtain a complete list of revoked certificates to check against (CRLs), or ask the CA whether that specific certificate is revoked (OCSP). This process is repeated for each new certificate encountered as the user browses the web.

Certificate revocation lists (CRLs) are distributed by each CA and can get quite large (Apple had a 70MB CRL!). Asking CAs whether a particular certificate is revoked (OCSP) is a breach of privacy, adds an extra RTT to each initial HTTPS request, and browsers fail open, so if an attacker blocks the OCSP request, the browser assumes the certificate is not revoked.

As a result, many browsers perform revocation checks only in certain cases, and (as of 2015) mobile browsers perform no checking at all.

Using CRLite, the browser stores certificate revocation information in a "cascade" of Bloom filters using only a few megabytes (if that) when compressed. The browser downloads daily updates (on the order of kilobytes). Note: the exact performance numbers have changed over time as CRLite has undergone more study and implementation.
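The following is an added illustration of the filter cascade idea, written for this page; it is not CRLite's own code, and the certificate identifiers it uses are constructed sample values. Level 0 is a Bloom filter over the revoked certificates; because a Bloom filter has false positives, the non-revoked certificates it wrongly accepts are collected into level 1, the revoked certificates that level 1 wrongly accepts go into level 2, and so on until some level produces no false positives. A lookup walks the levels until one rejects the certificate, and that level's parity gives the exact answer. The construction needs the complete set of non-revoked certificates as well as the revoked ones, which is why the answer is only defined for certificates the cascade was built over.

```python
import hashlib
import math


class BloomFilter:
    """Minimal Bloom filter; bit positions come from SHA-256 of (salt, index, item)."""

    def __init__(self, n_items, fp_rate, salt):
        n = max(n_items, 1)
        # Standard sizing: m bits and k hash functions for the target false-positive rate.
        self.m = max(1, math.ceil(-n * math.log(fp_rate) / (math.log(2) ** 2)))
        self.k = max(1, round(self.m / n * math.log(2)))
        self.salt = salt
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        for i in range(self.k):
            h = hashlib.sha256(self.salt + i.to_bytes(4, "big") + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


class FilterCascade:
    """Level 0 encodes the revoked set; each later level encodes the false
    positives of the previous level, alternating between the two sets."""

    def __init__(self, revoked, valid, fp_rate=0.5):
        self.levels = []
        include, exclude = set(revoked), set(valid)
        depth = 0
        while include:
            # A per-level salt keeps the hash functions independent across levels.
            bf = BloomFilter(len(include), fp_rate, depth.to_bytes(2, "big"))
            for item in include:
                bf.add(item)
            self.levels.append(bf)
            # Elements that this level wrongly accepts must be encoded one level deeper.
            false_positives = {x for x in exclude if x in bf}
            include, exclude = false_positives, include
            depth += 1

    def is_revoked(self, cert_id):
        """Exact answer for any cert_id that was in either input set."""
        for depth, bf in enumerate(self.levels):
            if cert_id not in bf:
                # Rejected by an even level (a revoked-set filter): not revoked.
                # Rejected by an odd level (a valid-set filter): revoked.
                return depth % 2 == 1
        # Accepted by every level: the last level has no false positives,
        # so membership in it is definitive.
        return len(self.levels) % 2 == 1

    def size_bytes(self):
        return sum(len(bf.bits) for bf in self.levels)


def build_demo(n_certs=2000):
    """Constructed sample data: every tenth certificate id is treated as revoked."""
    cert_ids = [b"cert-%05d" % i for i in range(n_certs)]
    revoked = [c for i, c in enumerate(cert_ids) if i % 10 == 0]
    valid = [c for i, c in enumerate(cert_ids) if i % 10 != 0]
    return FilterCascade(revoked, valid), revoked, valid


if __name__ == "__main__":
    cascade, revoked, valid = build_demo()
    print("levels:", len(cascade.levels), "bytes:", cascade.size_bytes())
    print("cert-00000 revoked?", cascade.is_revoked(b"cert-00000"))
    print("cert-00001 revoked?", cascade.is_revoked(b"cert-00001"))
```

Note that the cascade is far smaller than a list of revoked identifiers because each level only needs enough bits to separate its two sets, not to store them; the price is that a lookup for a certificate the cascade was never built over (one that exists in neither input set) has no defined answer, so a deployment has to be sure its input covers every certificate a client might encounter.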

In short, CRLite provides the following properties:

BibTeX Citation


@inproceedings{larisch2017crlite,
  title     = {{CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers}},
  author    = {Larisch, James and Choffnes, David and Levin, Dave and Maggs, Bruce M. and Mislove, Alan and Wilson, Christo},
  booktitle = {2017 IEEE Symposium on Security and Privacy (SP)},
  pages     = {539--556},
  year      = {2017},
}

Authors