
I know the concept is offensive to us who love optimization and efficiency, but would it actually be impractical, though? A root certificate is a couple of kilobytes. How much space would you need to store every single certificate in history for the next hundred years?



For root certs probably not too much space, but for all certs... That depends on the number of certs issued, and more people and things are using TLS and such, so it would probably be more than just linear growth. 100 years seems a bit extreme; just look back 20 years in terms of hardware and such. Also think about how common MD5 was then, and SHA1, both of which are broken for a lot of use cases.


A good example of how rapidly a CRL can grow in size is Apple's WWDRCA CRL. Current size: 224MB despite only containing revocations back to Feb 2020. http://developer.apple.com/certificationauthority/wwdrca.crl


I chuckled a bit when I clicked on your link and got a browser warning that the CRL cannot be downloaded securely over HTTP.


What in the world? Why are there millions of revoked certificates? What is creating all of these?


Let's Encrypt alone has issued about 1.5 billion certificates in five years of operation; just storing those in DER form with no indexing or other metadata would occupy more than a terabyte of storage. (This is also not counting CT precertificates, which are duplicative of the final certificates in their meaningful content but contain different signature data.)
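The thread above reasons about how CRL and certificate stores grow with the number of issued and revoked certificates. The following is an added example, written for this page and not code from any commenter, Apple, or Let's Encrypt: it encodes CRL `revokedCertificates` entries in DER (RFC 5280: `SEQUENCE { userCertificate INTEGER, revocationDate UTCTime }`, without per-entry extensions), parses them back, and projects the list size for a given entry count and serial-number width. The serial widths and entry counts fed into it are constructed assumptions, not figures taken from any real CRL.

```python
import datetime

# --- minimal DER encoder (only the types a revokedCertificates entry needs) ---

def der_len(n):
    """DER definite-length encoding: short form below 0x80, long form above."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(value):
    # Two's-complement, minimal length; a leading 0x00 keeps large serials positive.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return der_tlv(0x02, body)

def der_utctime(dt):
    # UTCTime as YYMMDDHHMMSSZ (RFC 5280 requires seconds and the Z suffix).
    return der_tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))

def revoked_entry(serial, revoked_at):
    return der_tlv(0x30, der_integer(serial) + der_utctime(revoked_at))

def build_revoked_list(entries):
    """SEQUENCE OF revoked entries, i.e. the revokedCertificates field of a CRL."""
    return der_tlv(0x30, b"".join(revoked_entry(s, d) for s, d in entries))

# --- minimal DER reader, strict enough to reject malformed length fields ---

def read_tlv(buf, pos):
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:end], end

def parse_utctime(raw):
    s = raw.decode("ascii")
    if len(s) != 13 or s[-1] != "Z":
        raise ValueError("unexpected UTCTime form")
    yy = int(s[:2])
    year = 1900 + yy if yy >= 50 else 2000 + yy   # RFC 5280 pivot year
    return datetime.datetime(year, int(s[2:4]), int(s[4:6]),
                             int(s[6:8]), int(s[8:10]), int(s[10:12]))

def parse_revoked_list(der):
    """Return [(serial, revocation datetime), ...] from a revokedCertificates blob."""
    tag, content, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not a single SEQUENCE")
    entries, pos = [], 0
    while pos < len(content):
        etag, ebody, pos = read_tlv(content, pos)
        if etag != 0x30:
            raise ValueError("revoked entry is not a SEQUENCE")
        stag, sbody, p = read_tlv(ebody, 0)
        ttag, tbody, _ = read_tlv(ebody, p)
        if stag != 0x02 or ttag != 0x17:
            raise ValueError("entry fields are not INTEGER + UTCTime")
        entries.append((int.from_bytes(sbody, "big", signed=True), parse_utctime(tbody)))
    return entries

# --- size projection: encode one representative entry and scale it ---

def projected_size(n_entries, serial_bytes):
    """Bytes for a revokedCertificates list of n entries with serials of the given width.

    The representative serial has its top bit set, so the INTEGER carries a
    leading 0x00 byte, as random CA-issued serials do about half the time.
    """
    sample_serial = 1 << (8 * serial_bytes - 1)
    per_entry = len(revoked_entry(sample_serial, datetime.datetime(2020, 2, 1)))
    content_len = n_entries * per_entry
    return 1 + len(der_len(content_len)) + content_len
```

With 16-byte serials each entry costs 36 bytes before any CRL entry extension (a `reasonCode` adds roughly another dozen), so a list in the hundreds of megabytes corresponds to millions of entries; the same helpers show why a CA choosing wide random serials pays for that choice in every revocation record.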




