[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Expired certificate
- To: Dan Kaminsky <dan@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Expired certificate
- From: Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Jul 2010 22:28:42 -0500
On 07/22/2010 08:05 PM, Dan Kaminsky wrote:
>
> That's $240K/yr being spent to manage three year expirations, just on
> labor.
Yep.
But as Dr. Laura would say, "you knew that before you married her".
Nobody said you had to go into that business, or that you were entitled
to make a profit on it.
> And, of course, you see the result of this: People don't go ahead
> and put 500 different certs on 500 different machines. Instead, you
> end up with an Internet having but a million SSL endpoints, only half
> of which even pretend to have a validating certificate.
>
> Costs can hide. Consequences are another matter.
I don't see that 8 hours every 2 days should quite come to $1/4M per
year, and I suspect a competent organization could roll out routine cert
changes in under 8 hours on average. But let's suppose it does.
What might be the unintended consequences be of having 500 "secure"
sites hosted by folks that can't manage to spend one day every three
freakin' years on maintenance?
I know, it probably doesn't add that way logically, but just sayin'.
- Marsh
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/