Hacker News new | ask | show | jobs
by cestith 3450 days ago
I think the more common case than a revocation is replacing an expiring certificate. I don't have hard data. It sure seems to me that short-lived certificates tend to rotate out far more often than they need to be revoked.
1 comments
viraptor 3450 days ago
> It sure seems to me that short-lived certificates tend to rotate out far more often than they need to be revoked.

For large majority of companies, would they even spot that their keys have been stolen? That's a few steps before revocation itself.

link