OCSP Service Has Reached End of Life
7 hours ago
- #Let’s Encrypt
- #Internet Privacy
- #Certificate Revocation
- Let’s Encrypt has turned off its Online Certificate Status Protocol (OCSP) service as previously announced.
- OCSP was discontinued due to privacy concerns, as it could reveal users' visited websites and IP addresses to Certificate Authorities (CAs).
- Revocation information will now be published exclusively via Certificate Revocation Lists (CRLs), which do not pose the same privacy risks.
- The decision also aims to simplify infrastructure, ensuring compliance, reliability, and efficiency, while freeing up resources previously dedicated to OCSP.
- At its peak, the OCSP service handled approximately 340 billion requests per month, with significant support from Akamai's donated CDN services.