| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C490C6A.9000106@extendedsubset.com> Date: Thu, 22 Jul 2010 22:28:42 -0500 From: Marsh Ray <marsh@...endedsubset.com> To: Dan Kaminsky <dan@...para.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Expired certificate On 07/22/2010 08:05 PM, Dan Kaminsky wrote: > > That's $240K/yr being spent to manage three year expirations, just on > labor. Yep. But as Dr. Laura would say, "you knew that before you married her". Nobody said you had to go into that business, or that you were entitled to make a profit on it. > And, of course, you see the result of this: People don't go ahead > and put 500 different certs on 500 different machines. Instead, you > end up with an Internet having but a million SSL endpoints, only half > of which even pretend to have a validating certificate. > > Costs can hide. Consequences are another matter. I don't see that 8 hours every 2 days should quite come to $1/4M per year, and I suspect a competent organization could roll out routine cert changes in under 8 hours on average. But let's suppose it does. What might be the unintended consequences be of having 500 "secure" sites hosted by folks that can't manage to spend one day every three freakin' years on maintenance? I know, it probably doesn't add that way logically, but just sayin'. - Marsh _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists