[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Expired certificate
- To: Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Expired certificate
- From: Dan Kaminsky <dan@xxxxxxxxxxx>
- Date: Thu, 22 Jul 2010 23:40:41 -0400
On Thu, Jul 22, 2010 at 11:28 PM, Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx>wrote:
> On 07/22/2010 08:05 PM, Dan Kaminsky wrote:
>
>>
>> That's $240K/yr being spent to manage three year expirations, just on
>> labor.
>>
>
> Yep.
>
> But as Dr. Laura would say, "you knew that before you married her".
>
> Nobody said you had to go into that business, or that you were entitled to
> make a profit on it.
Nobody says they have to deploy secure endpoints, but the credit card
people, and even then only on a really restricted subset of sites.
There are fundamental sources of these failures that are not just "people
are stupid". Remember the tales of failed +$100M PKI deployments around the
turn of the millenium?
Why do you think so much money got spent?
What might be the unintended consequences be of having 500 "secure" sites
> hosted by folks that can't manage to spend one day every three freakin'
> years on maintenance?
>
> It's one day every three years per server. If you have a lot of servers,
it adds up. And so, we back into the empirical reality -- people don't put
SSL on a lot of servers.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/