Impossible to say, as most people probably don't even know that their private key is stolen. I've personally seen it only once on a real certificate revocation. Yet another reason to have shorter lifespan.
It's a pretty narrow threat model for Alice to get her cert stolen by Bob, be completely unaware that this has happened, and the means Bob used only works once.
Hmmm. This solution still leaves quite a few days a compromised certificate can be used(!).. that's significant.. but I guess it's better than nothing?
An example I experienced was an employee accidentally shipping keys/certs to a vendor in a support dump of a network device.
I had to revoke the certs and in anticipation I pulled together customer support, engineering, legal, various security orgs in the event that revocation would cause outages from cached certs from middle boxes of which there were plenty or other weird b2b setups.
It turned out to be a nothing-burger. None of the browsers or MitM proxies actually did anything with revocation and happily used the revoked certs without even a single warning from tens of millions of end users and system. This was around 2014. Curious if that has changed and if anyone here has tested revocation in a staging environment that has devices that cache certs.