by pquerna 884 days ago
The API for Let's Encrypt to do this requires possession of the private key, which pwned keys doesn't always have. Sometimes they just have an "attestation" of compromise:

https://pwnedkeys.com/submit.html

Which if you had a standardized representation of that attestation, maybe CAs could consume that instead.

But, the author of pwnedkeys thought of that, and started an RFC for exactly that:

https://github.com/pwnedkeys/key-compromise-attestation-rfc/...

But it seems dead right now.