thayne 2 days ago
Several years ago, I saw some documentation about specifying the locations of CRLs in some proxy software. My first thought was "surely I have some of those on the system for web PKI". I was wrong. That sent me down a deep dark rabbit hole of how revocations are normally handled, at the bottom of which was the conclusion that most software does nothing, because it is just too hard. Firefox has a project (CRLite) that uses Bloom filters to make CRLs more practical, but it is still experimental. I think we are a long ways out from the technology being widely used across the industry. It turns out it is easier to significantly reduce the validity time of web PKI certs than to solve the problem of distributing a list of revoked certificates. Although the former actually helps a lot with the latter, as it reduces the size of said list.
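The comment above mentions CRLite's use of Bloom filters without showing why a plain Bloom filter is not enough. The following added example (my own code, not the commenter's and not Mozilla's CRLite implementation) builds a Bloom-filter cascade over a constructed toy CA dataset: the first filter holds the revoked serials, the valid serials that falsely match it go into a second filter, the revoked serials that falsely match that go into a third, and so on until no false positives remain. The sample serials, the expiry cut-off and the filter sizing (deliberately small, so that false positives occur and the cascade grows past one level) are all assumptions made for illustration; it also drops expired certificates before building anything, which is the comment's point that shorter validity shrinks the list that has to be distributed.

```python
"""Bloom-filter cascade over a constructed set of certificate serials.

Added example, not code from the original comment or from CRLite itself.
Assumptions: a toy CA whose full revoked and valid serial sets are known,
SHA-256-based hash positions, and tiny filters so false positives actually
occur and the cascade has more than one level.
"""
import hashlib
from typing import List, Set, Tuple


class BloomFilter:
    """Minimal Bloom filter; `level` salts the hashes so each cascade level
    uses independent bit positions for the same serial."""

    def __init__(self, n_bits: int, n_hashes: int, level: int) -> None:
        self.n_bits = n_bits
        self.n_hashes = n_hashes
        self.level = level
        self.bits = bytearray((n_bits + 7) // 8)

    def _positions(self, item: bytes):
        for i in range(self.n_hashes):
            h = hashlib.sha256(bytes([self.level, i]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.n_bits

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def build_cascade(revoked: Set[bytes], valid: Set[bytes],
                  bits_per_item: int = 8, n_hashes: int = 3) -> List[BloomFilter]:
    """Level 1 contains the revoked set; each later level contains the
    false positives the previous level produced on the *other* set.
    Construction stops when a level produces no false positives."""
    include, exclude = set(revoked), set(valid)
    levels: List[BloomFilter] = []
    while include:
        if len(levels) >= 64:  # safeguard; never reached in practice
            raise RuntimeError("cascade did not converge")
        f = BloomFilter(max(8, bits_per_item * len(include)), n_hashes, len(levels) + 1)
        for item in include:
            f.add(item)
        levels.append(f)
        false_positives = {x for x in exclude if x in f}
        include, exclude = false_positives, include
    return levels


def is_revoked(cascade: List[BloomFilter], serial: bytes) -> bool:
    """Walk the levels: the first filter that says 'absent' settles it.
    Odd levels hold revoked-derived sets, even levels valid-derived ones."""
    for i, f in enumerate(cascade, start=1):
        if serial not in f:
            return i % 2 == 0
    return len(cascade) % 2 == 1


def cascade_size_bytes(cascade: List[BloomFilter]) -> int:
    return sum(len(f.bits) for f in cascade)


def sample_serials(total: int = 1100, revoked_every: int = 11) -> Tuple[Set[bytes], Set[bytes]]:
    """Constructed toy CA data (not real certificates): 16-byte serials,
    one in five already expired, every 11th unexpired one revoked.
    Expired certificates are dropped before enrolment, which is why a
    shorter validity period directly shrinks the revocation structure."""
    now = 1000
    revoked, valid = set(), set()
    for i in range(total):
        serial = hashlib.sha256(b"toy-serial-%d" % i).digest()[:16]
        not_after = now - 1 if i % 5 == 0 else now + 90
        if not_after <= now:
            continue  # expired: a client will reject it anyway
        (revoked if i % revoked_every == 0 else valid).add(serial)
    return revoked, valid


if __name__ == "__main__":
    rev, val = sample_serials()
    cascade = build_cascade(rev, val)
    print("levels:", len(cascade), "bytes:", cascade_size_bytes(cascade),
          "vs raw list:", 16 * len(rev))
    assert all(is_revoked(cascade, s) for s in rev)
    assert not any(is_revoked(cascade, s) for s in val)
```

The cascade is only correct for serials the builder knew about, which is why CRLite depends on Certificate Transparency logs to enumerate every unexpired certificate: a serial that was never enrolled on either side can still be a false positive at some level.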