Let's Encrypt Discontinues OCSP Service Due to Privacy Concerns, Moves to CRLs Exclusively
By pfexec
Summary
Let's Encrypt has officially discontinued its Online Certificate Status Protocol (OCSP) service, as previously announced in December. The organization stopped including OCSP URLs in certificates over 90 days ago, meaning all certificates containing these URLs have now expired. Moving forward, revocation information will be published exclusively via Certificate Revocation Lists (CRLs). The primary reason for ending OCSP support is privacy concerns, as OCSP reveals website visitation patterns and IP addresses to Certificate Authorities, creating potential privacy risks even when CAs don't intentionally retain this information.
Key quotes
We ended support for OCSP primarily because it represents a considerable risk to privacy on the Internet
When someone visits a website using a browser or other software that checks for certificate revocation via OCSP, the Certificate Authority (CA) operating the OCSP responder immediately becomes aware of which website is being visited from that visitor's particular IP address
CRLs do not have this issue
Going forward, we will publish revocation information exclusively via Certificate Revocation Lists (CRLs)
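The two checks a practitioner wants after this change are: does a certificate still advertise an OCSP responder (the thing that leaks the visited site to the CA), and can a client do revocation purely from a CRL, including the failure modes a CRL consumer has to handle (bad signature, wrong issuer, stale list). The Go program below is an added example written for this page, not code from Let's Encrypt or any CA; it uses only the standard library's crypto/x509 (ParseRevocationList and CheckSignatureFrom need Go 1.19 or later), builds a throwaway CA, two leaf certificates and a CRL entirely in memory, and the distribution point URL crl.example.test is a constructed placeholder rather than a real endpoint.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// crlURL is a constructed placeholder distribution point, not a real CA endpoint.
const crlURL = "http://crl.example.test/ca.crl"

// RevocationSources reports what a certificate advertises for revocation checks:
// OCSP responder URLs (Authority Information Access) and CRL distribution points.
// An OCSP URL is what makes OCSP-checking clients disclose the visited site to the CA.
func RevocationSources(cert *x509.Certificate) (ocsp, crl []string) {
	return cert.OCSPServer, cert.CRLDistributionPoints
}

// IsRevokedByCRL decides whether cert's serial appears in a DER-encoded CRL. It
// refuses to answer unless the CRL is signed by issuer, names the certificate's
// issuer, and has not passed its nextUpdate time as of now.
func IsRevokedByCRL(crlDER []byte, issuer, cert *x509.Certificate, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, fmt.Errorf("CRL signature check failed: %w", err)
	}
	if !bytes.Equal(crl.RawIssuer, cert.RawIssuer) {
		return false, errors.New("CRL issuer does not match certificate issuer")
	}
	if now.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL is past nextUpdate (%s); fetch a fresh one", crl.NextUpdate.UTC())
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// must panics on error; acceptable for building demo material.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with key under parent and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildDemo creates a throwaway CA, a revoked leaf, a good leaf and a CRL signed
// by the CA, all in memory. Nothing here touches the network.
func BuildDemo() (ca, revoked, good *x509.Certificate, crlDER []byte) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // cRLSign is required to sign CRLs
	}
	ca = must(issue(caTmpl, caTmpl, &caKey.PublicKey, caKey))
	// Leaves mirror the post-OCSP layout: a CRL distribution point and no OCSPServer.
	leaf := func(serial int64, name string) *x509.Certificate {
		return must(issue(&x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			CRLDistributionPoints: []string{crlURL},
		}, ca, &leafKey.PublicKey, caKey))
	}
	revoked, good = leaf(1001, "revoked.example.test"), leaf(1002, "good.example.test")
	crlDER = must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(7 * 24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked.SerialNumber, RevocationTime: now}},
	}, ca, caKey))
	return ca, revoked, good, crlDER
}

func main() {
	ca, revoked, good, crlDER := BuildDemo()
	for _, c := range []*x509.Certificate{revoked, good} {
		ocsp, crl := RevocationSources(c)
		rev, err := IsRevokedByCRL(crlDER, ca, c, time.Now())
		fmt.Printf("%s: ocsp=%v crl=%v revoked=%v err=%v\n", c.Subject.CommonName, ocsp, crl, rev, err)
	}
}
```

Run it with `go run .`; the revoked leaf reports revoked=true and the good leaf revoked=false, and both show an empty OCSP list. The same RevocationSources call applied to a certificate pulled from a live server (for example via tls.Conn.ConnectionState().PeerCertificates) is a quick way to confirm that a renewed certificate no longer carries an OCSP URL. The staleness check matters in practice: a CRL past its nextUpdate is exactly the case an attacker who can block CRL downloads hopes a client will silently accept, so the function returns an error rather than a "not revoked" answer.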
