CRLite: Certificate Revocation Checking in Firefox

Is there some high-level overview of this "cascade of Ribbon filters" data structure? I understand bloom filters, but couldn't get any intuition for this one from FB's blog post.

edit: found an overview here that helps a bit: https://news.ycombinator.com/item?id=27800788 This seems good but will take more time to absorb: https://pangyoalto.com/en/ribbon-filter/

The Github repo for the backend implementation is here: https://github.com/mozilla/crlite/ Notably, you can query CRLite from the CLI using https://github.com/mozilla/crlite/tree/main/rust-query-crlit... - like:

$ git clone https://github.com/mozilla/crlite.git $ cd crlite/rust-query-crlite/ $ cargo run -- -vv --update prod https github.com

INFO - Loaded 21 CRLite filter(s), most recent was downloaded: 0 hours ago DEBUG - Loaded certificate from github.com DEBUG - Issuer DN: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA DEBUG - Subject DN: CN=github.com DEBUG - Serial number: 00ab6686b5627be80596821330128649f5 DEBUG - Issuer SPKI hash: 6YBE8kK4d5J1qu1wEjyoKqzEIvyRY5HyM_NB2wKdcZo= TRACE - 20250809-1-default.filter: Good TRACE - 20250810-0-default.filter.delta: Good TRACE - 20250810-1-default.filter.delta: Good TRACE - 20250811-0-default.filter.delta: Good TRACE - 20250811-1-default.filter.delta: Good TRACE - 20250812-0-default.filter.delta: Good TRACE - 20250812-1-default.filter.delta: Good TRACE - 20250813-0-default.filter.delta: Good TRACE - 20250813-1-default.filter.delta: Good TRACE - 20250814-0-default.filter.delta: Good TRACE - 20250814-1-default.filter.delta: Good TRACE - 20250815-0-default.filter.delta: Good TRACE - 20250815-1-default.filter.delta: Good TRACE - 20250816-0-default.filter.delta: Good TRACE - 20250816-1-default.filter.delta: Good TRACE - 20250817-0-default.filter.delta: Good TRACE - 20250817-1-default.filter.delta: Good TRACE - 20250818-0-default.filter.delta: Good TRACE - 20250818-1-default.filter.delta: Good TRACE - 20250819-0-default.filter.delta: Good TRACE - 20250819-1-default.filter.delta: Good INFO - github.com Good

CRLite is awesome, and it deserves more usage; notably most non-browser clients on Linux machines don’t get any revocation handling at all.

CRLite sounds like an elegant solution. Are there reasons why Chrome is not implementing it or do they just have other priorities?