We are pleased to announce that Firefox 142 will begin production usage of our brand new certificate revocation system known as CRLite. CRLite makes your browsing faster, more private, and more secure, and is a significant advancement to the state of the art for encryption on the internet.
Every day, billions of people rely on HTTPS to securely encrypt their communication with websites. This core protocol ensures both that you are communicating with the right website and that other parties can’t spy on what you’re doing. To make this work, websites obtain certificates from trusted organizations to prove to browsers like Firefox that they are who they say they are. However, mistakes happen: a certificate can be mis-issued to the wrong party, or compromised by a malicious actor. When this happens, the certificate must be revoked so that browsers know it is no longer trustworthy. Communicating this information to browsers is a surprisingly hard problem — all previous methods have had to make tradeoffs between privacy, security, and performance.