Comment by H8crilA
2 days ago
Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.
2 days ago
Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.
If they don't know they were breached, don't the odds favor the replaced key likewise getting re-stolen immediately?
Yes, but the odds are less than infinite, i.e. the probability is less than 1.0. At least some of such attacks take effort.
It's a pretty narrow threat model for Alice to get her cert stolen by Bob, be completely unaware that this has happened, and the means Bob used only works once.