☕️ Insufficient Coffee

Archive of posts regarding mozilla

CRLite: Speeding Up Secure Browsing

Published 2020-01-21

CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual queries can bring, and does so for the whole Web, not just special parts of it.

[read more]

The End-to-End Design of CRLite

Published 2020-01-09

CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of the Online Certificate Status Protocol (OCSP) while avoiding a need for some administrative decisions on the relative value of one... [read more]

The State of CRLs Today

Published 2017-08-18

Certificate Revocation Lists (CRLs) are a way for Certificate Authorities to announce to their relying parties (e.g., users validating the certificates) that a Certificate they issued should no longer be trusted. E.g., was revoked.

[read more]

Analyzing Let's Encrypt statistics via Map/Reduce

Published 2017-05-16

I’ve been supplying the statistics for Let’s Encrypt since they’ve launched. In Q4 of 2016 their volume of certificates exceeded the ability of my database server to cope, and I moved it to an Amazon RDS instance.

[read more]

Early Impacts of Let's Encrypt

Published 2016-02-19

During the months I worked in Let’s Encrypt’s operations team I got fairly used to being the go-to man for any question that a database query could solve.

[read more]

Beta Testing Let's Encrypt

Published 2015-10-08

One of the advantages to being part of the Let’s Encrypt team is early access to the closed beta. As such, I’ve been able to issue a handful of certificates from the service. For example: usr.bin.coffee. There’s a lot of other upsides as well, such as working with incredible... [read more]