Hacker News new | past | comments | ask | show | jobs | submit login

Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.



If they don't know they were breached, don't the odds favor the replaced key likewise getting re-stolen immediately?


Yes, but the odds are less than infinite, i.e. the probability is less than 1.0. At least some of such attacks take effort.


It's a pretty narrow threat model for Alice to get her cert stolen by Bob, be completely unaware that this has happened, and the means Bob used only works once.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: