←back to thread

Six day and IP address certificate options in 2025

(letsencrypt.org)
197 points SGran | 1 comments | 16 Jan 25 15:36 UTC | HN request time: 0s | source
Show context
blakesterz ◴[16 Jan 25 18:47 UTC] No.42729220[source]
I don't disagree with anything they say here:

https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/#short...

But... How often do these types of compromises happen? I can't say I've ever seen or heard of it happening.

replies(6): >>42729585 #>>42730043 #>>42730145 #>>42730476 #>>42732356 #>>42748019 #
H8crilA ◴[16 Jan 25 19:15 UTC] No.42729585[source]
Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.
replies(2): >>42730046 #>>42730194 #
1. Spivak ◴[16 Jan 25 19:53 UTC] No.42730046[source]
It's a pretty narrow threat model for Alice to get her cert stolen by Bob, be completely unaware that this has happened, and the means Bob used only works once.