Aaron Gable (Principal Engineer, Let's Encrypt)
Aaron is the technical lead of the Let's Encrypt software development team, which builds the CA's validation and issuance software. His work, both with ISRG and previously with the Chromium Project, focuses on making the web a better place through open source initiatives.
Sessions
In a delegated-trust environment like the WebPKI, revocation of trust in certificates and keys that are compromised is a critical aspect of security. But for many years, security experts have rightly been saying that revocation is broken: Certificate Revocation Lists don’t scale; the Online Certificate Status Protocol fails open, is expensive to run, and is a privacy risk; and mass-revocations can effectively take huge swathes of the internet offline. This talk will provide technical details behind three techniques that the tiny team at Let’s Encrypt is using to solve these problems at scale.