I have a nasty habit of requesting revocation of such compromised keys whenever ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tgsovlerkhgsel on June 28, 2020 \| parent \| context \| favorite \| on: Chromium and Mozilla to enforce 1 year validity fo... I have a nasty habit of requesting revocation of such compromised keys whenever I find them. CAs are required to revoke within 24 hours, I think, though unfortunately revocation is surprisingly ineffective.

AdamJacobMuller on June 28, 2020 [–]

Do you actually find those often? I've actually never seen one. I will admit I've also never specifically looked very hard.

tgsovlerkhgsel on June 29, 2020 | [–]

I'd say one every couple of years.

https://letsencrypt.org/docs/certificates-for-localhost/ has great documentation on that topic, including more examples.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact