Rollin Yu <rollin...@trustasia.com> writes:

>Among them, certificates revoked due to CRLReason #1 (key compromise):
>254,690

How reliable are those figures though? Unless an attacker thoughtfully notifies you that they've stolen your key, how would anyone know it's been compromised? What if it's just the default setting in software for revocations, since keyCompromise is the very first CRL reason entry? What if it's deliberately selected because keyCompromise gets given a higher priority (urgent) than any other reason (oh, just FYI...).

What are the figures for other crlReasons? If superseded (due to forced cert turnover) has a much lower count than keyCompromise then we can be pretty sure the keyCompromise figures aren't realistic.

Peter.