Firefox: Surf faster and more securely thanks to CRLite
A new system for certificate revocation lists: Firefox 142 introduces CRLite. The local, complete check of revoked certificates is safer and faster.
(Image: Andrew Derr/Shutterstock.com)
Mozilla introduces CRLite in Firefox: The system is used to revoke certificates and is intended to contribute to more secure Internet communication. Websites use HTTPS certificates to confirm identity and ensure an encrypted connection. If such a certificate is misused or compromised, it must be revoked immediately. Previous procedures, such as online verification via OCSP or CRL downloads, have known weaknesses: they slow down page loading times, can violate users' privacy by revealing page views to third parties and were never really complete, as only a portion of the certificates revoked worldwide were ever checked.
Certificate revocation list lean and secure
CRLite now eliminates the need to access external services while browsing. Instead, the system collects and stores information on all revoked certificates locally in the browser. A compression process ensures that around 300 KB of data has to be updated every day so that Firefox is always up to date. The aim is therefore to ensure that the system remains resource-efficient while ensuring that security information is always up to date. The particular strength of CRLite lies in its completeness: while other browsers were previously only able to check a selection of the most important or best-known certificates locally, Firefox uses CRLite to manage all revoked certificates worldwide and can therefore reliably detect and block fraudulent or compromised sites.
Videos by heise
Mozilla emphasizes that CRLite not only increases security, but also protects privacy, as no more requests are made to external services. Users also benefit from faster loading times, as the validity check is carried out directly on the device. Mozilla sees CRLite as the future for the entire web and hopes that other browsers will also adopt the system.
More details can be found in Mozilla's announcement and on Mozilla's hacks page. CRLite is part of Firefox 142 – the update includes the link preview for users and enables LLM extensions for the first time.
(fo)
