Addressing Linux's Missing PKI Infrastructure
3 days ago
- #PKI
- #Linux
- #Security
- An LWN article highlighted Linux's lack of CRL infrastructure and its ignored PKI measures.
- Let’s Encrypt is deprecating OCSP, leaving CRLs as the alternative, which has little Linux support.
- Introduction of upki: a universal PKI tool to address the revocation gap in Linux.
- CRLite by Mozilla offers a bandwidth-efficient solution for distributing revocation data.
- upki will include server-side mirroring, client-side sync, and query tools written in Rust.
- Canonical to provide backend infrastructure for upki, ensuring long-term stability.
- upki aims for a preview in Ubuntu 26.04 LTS, with default inclusion targeted for Ubuntu 26.10.
- Future integration is planned with OpenSSL, GnuTLS, and rustls for broader ecosystem support.