The Demise of OCSP: Let's Encrypt Pulls the Plug
2025-01-30
Let's Encrypt's decision to discontinue OCSP support signals the end of an era for this 25-year-old certificate revocation checking technology. Plagued by poor browser implementation and high costs, OCSP failed to deliver significant security improvements. The future involves shorter-lived certificates (e.g., 6-day validity) and a revised CRL approach handled by browser vendors. While niche uses of OCSP might persist, its widespread adoption is over.