Let’s Encrypt, a leading provider of free SSL/TLS certificates, has officially announced its timeline for discontinuing support for the Online Certificate Status Protocol (OCSP) in favor of Certificate Revocation Lists (CRLs).
This decision, driven by privacy and efficiency concerns, marks a significant shift in how the organization communicates certificate revocation information.
The phase-out of OCSP services will occur in stages:
- January 30, 2025: Issuance requests with the OCSP Must-Staple extension will fail unless the requesting account has previously issued such certificates.
- May 7, 2025: CRL URLs will be added to certificates, and OCSP URLs will be removed. All issuance requests with the OCSP Must-Staple extension will fail.
- August 6, 2025: Let’s Encrypt will shut down its OCSP responders entirely.
Subscribers using the OCSP Must-Staple extension are advised to reconfigure their systems before May 7, 2025, to avoid disruptions.
Why End OCSP?
OCSP and CRLs are both mechanisms for verifying certificate validity. However, Let’s Encrypt has identified several drawbacks to OCSP that prompted this decision:
- Privacy Risks: When a browser or other software queries an OCSP responder to check a certificate’s status, it reveals the website being visited and the visitor’s IP address to the Certificate Authority (CA). Even though Let’s Encrypt does not retain this data, legal pressure could compel CAs to collect it. CRLs eliminate this risk because clients download the list and check revocation status locally, without revealing browsing habits.
- Operational Efficiency: Maintaining OCSP services has been resource-intensive for Let’s Encrypt. Having supported CRLs since 2022, the organization can simplify its infrastructure and allocate resources more effectively.
- Industry Trends: The CA/Browser Forum recently made OCSP optional for publicly trusted CAs. Most major root programs have already dropped the requirement for OCSP, with Microsoft expected to follow suit soon.
For most websites and browsers, this transition will be seamless. However, non-browser software relying on OCSP may require updates to ensure compatibility with certificates lacking an OCSP URL.
Let’s Encrypt recommends that users relying on OCSP begin transitioning to CRLs immediately.
Why the Shift from OCSP to CRLs?
The primary motivation behind this shift is the privacy risk associated with OCSP. When a user visits a website, the CA operating the OCSP responder can track which sites are being visited from specific IP addresses.
Although Let’s Encrypt does not retain this information, the potential for legal compulsion to do so exists. CRLs, on the other hand, do not pose this privacy risk as they are downloaded and checked locally by the client.
Additionally, OCSP has been resource-intensive for Let’s Encrypt, consuming significant operational resources that can now be redirected towards enhancing other aspects of its service.
The move to CRLs also aligns with industry trends, as the CA/Browser Forum has made OCSP an optional service for publicly trusted CAs, and most root programs, except Microsoft’s, no longer mandate OCSP.
OCSP Must-Staple was introduced to enhance security by having the server staple a current OCSP response to the TLS handshake, which the browser must validate before accepting the connection. However, limited browser support and implementation challenges have hindered its adoption. With the removal of OCSP services, Let’s Encrypt will also discontinue support for this extension.
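To turn the advice above (reconfigure Must-Staple before May 7, 2025; check non-browser software against certificates that carry a CRL URL and no OCSP URL) into something a practitioner can run, here is an added example that is not part of the announcement or of Let’s Encrypt’s own code. It uses the Python `cryptography` package to inspect a certificate for the TLS Feature (Must-Staple) extension, OCSP URLs in Authority Information Access, and CRL Distribution Points, and maps what it finds onto the dates in the article. The two certificates it inspects are self-signed test certificates constructed inline; the hostname and URLs are placeholders, not real Let’s Encrypt endpoints.

```python
"""Inspect a certificate for the features changed by the OCSP phase-out:
OCSP Must-Staple (TLS Feature extension), OCSP URLs in AIA, and CRL URLs.
Added example using the `cryptography` package; the certificates built below
are constructed self-signed test certs, not real Let's Encrypt certificates."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import AuthorityInformationAccessOID, ExtensionOID, NameOID


def inspect_revocation_features(cert):
    """Return which revocation-related features a certificate carries."""
    result = {"must_staple": False, "ocsp_urls": [], "crl_urls": []}
    try:
        tls_feature = cert.extensions.get_extension_for_oid(ExtensionOID.TLS_FEATURE).value
        # The RFC 7633 status_request feature is what "OCSP Must-Staple" means.
        result["must_staple"] = x509.TLSFeatureType.status_request in tls_feature
    except x509.ExtensionNotFound:
        pass
    try:
        aia = cert.extensions.get_extension_for_oid(ExtensionOID.AUTHORITY_INFORMATION_ACCESS).value
        result["ocsp_urls"] = [d.access_location.value for d in aia
                               if d.access_method == AuthorityInformationAccessOID.OCSP]
    except x509.ExtensionNotFound:
        pass
    try:
        crldp = cert.extensions.get_extension_for_oid(ExtensionOID.CRL_DISTRIBUTION_POINTS).value
        result["crl_urls"] = [n.value for dp in crldp if dp.full_name for n in dp.full_name
                              if isinstance(n, x509.UniformResourceIdentifier)]
    except x509.ExtensionNotFound:
        pass
    return result


def phase_out_findings(cert):
    """Map the features onto the announcement's timeline (dates taken from the article)."""
    feats = inspect_revocation_features(cert)
    findings = []
    if feats["must_staple"]:
        findings.append("must-staple: issuance with this extension fails from 2025-05-07; "
                        "remove it from the CSR or ACME client configuration")
    if feats["ocsp_urls"] and not feats["crl_urls"]:
        findings.append("ocsp-only: no CRL URL; renewals after 2025-05-07 carry a CRL URL and "
                        "no OCSP URL, so verify non-browser clients accept that before 2025-08-06")
    return findings


def build_test_cert(must_staple, ocsp_url=None, crl_url=None):
    """Constructed self-signed certificate carrying only the requested extensions."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])  # placeholder
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(name).issuer_name(name)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now)
               .not_valid_after(now + datetime.timedelta(days=90)))
    if must_staple:
        builder = builder.add_extension(
            x509.TLSFeature([x509.TLSFeatureType.status_request]), critical=False)
    if ocsp_url:
        builder = builder.add_extension(x509.AuthorityInformationAccess([
            x509.AccessDescription(AuthorityInformationAccessOID.OCSP,
                                   x509.UniformResourceIdentifier(ocsp_url))]), critical=False)
    if crl_url:
        builder = builder.add_extension(x509.CRLDistributionPoints([
            x509.DistributionPoint(full_name=[x509.UniformResourceIdentifier(crl_url)],
                                   relative_name=None, reasons=None, crl_issuer=None)]),
            critical=False)
    return builder.sign(key, hashes.SHA256())


if __name__ == "__main__":
    # "old-style": Must-Staple plus an OCSP URL; "new-style": CRL URL only (placeholder URLs).
    old_style = build_test_cert(True, ocsp_url="http://ocsp.example.test")
    new_style = build_test_cert(False, crl_url="http://crl.example.test/1.crl")
    for label, cert in (("old-style", old_style), ("new-style", new_style)):
        print(label, inspect_revocation_features(cert), phase_out_findings(cert))
```

To check a deployed certificate instead of the constructed ones, load it with `x509.load_pem_x509_certificate()` and pass it to `phase_out_findings()`; an empty list means the certificate neither requests stapling nor depends on an OCSP URL that is going away.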
Let’s Encrypt encourages all users currently relying on OCSP to transition to CRLs promptly. Updates on the OCSP phase-out timeline will be available through Let’s Encrypt’s API Announcements category on Discourse.
(Courtesy: cybersecuritynews)