←back to thread

Six day and IP address certificate options in 2025

(letsencrypt.org)
197 points SGran | 1 comments | 16 Jan 25 15:36 UTC | HN request time: 0s | source
Show context
blakesterz ◴[16 Jan 25 18:47 UTC] No.42729220[source]
I don't disagree with anything they say here:

https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/#short...

But... How often do these types of compromises happen? I can't say I've ever seen or heard of it happening.

replies(6): >>42729585 #>>42730043 #>>42730145 #>>42730476 #>>42732356 #>>42748019 #
H8crilA ◴[16 Jan 25 19:15 UTC] No.42729585[source]
Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.
replies(2): >>42730046 #>>42730194 #
yjftsjthsd-h ◴[16 Jan 25 20:04 UTC] No.42730194[source]
If they don't know they were breached, don't the odds favor the replaced key likewise getting re-stolen immediately?
replies(1): >>42730428 #
1. H8crilA ◴[16 Jan 25 20:24 UTC] No.42730428[source]
Yes, but the odds are less than infinite, i.e. the probability is less than 1.0. At least some of such attacks take effort.