[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C4AA06F.5090907@extendedsubset.com>
Date: Sat, 24 Jul 2010 03:12:31 -0500
From: Marsh Ray <marsh@...endedsubset.com>
To: Meadow <Meadow@...merofgod.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Expired certificate
On 07/23/2010 12:29 PM, Meadow wrote:
>
> If your organization really did have the expiration staggered at every 2
> days, then you should take a bunch of servers (grouped by
> segment/application/whatever makes sense in your environment) and renew
> all the certs on that group of servers at once, even if they aren’t all
> quite expired yet.
+1. Yeah there's no good reason to wait until the very last day.
> You should also fire your program manager.
Well, more precisely, the guy who was around three years ago.
Who is probably you, because you were promoted to be the current guy's
boss due to your ability to complete large numbers of tasks on time. So
you should fire yourself. Alternatively, since the current team is now
blessed with the hard-won wisdom gained from your pioneering mistakes,
you should raise their quotas, cut their staff, and take credit for the
improved efficiency. Which sounds better to you?
Anyone in IT very long knows how common it is for the chickens to
actually come home to roost on the same guy that laid 'em.
> The
> savings in labor and down-time would make up for the one-time cost of
> renewing some certs prematurely.
Still there could be some legitimate cases where it might happen. E.g.,
a paid hosting situation where the initial signup is self-service, but
renewals are covered under some support package.
- Marsh
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists