Is "changing the locks" (revoking the certificate) really so complicated that th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bifel on Sept 19, 2014 \| parent \| context \| favorite \| on: Keyless SSL: The Nitty Gritty Technical Details Is "changing the locks" (revoking the certificate) really so complicated that this "janitor-solution" is easier/cheaper/safer?

wsh on Sept 19, 2014 [–]

The CA can revoke the certificate, but since revocation checking in browsers is neither universal nor reliable under attack, revocation isn't a completely effective way to recover from a compromised private key.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact