lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 24 Jul 2010 03:12:31 -0500
From: Marsh Ray <marsh@...endedsubset.com>
To: Meadow <Meadow@...merofgod.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Expired certificate

On 07/23/2010 12:29 PM, Meadow wrote:
>
> If your organization really did have the expiration staggered at every 2
> days, then you should take a bunch of servers (grouped by
> segment/application/whatever makes sense in your environment) and renew
> all the certs on that group of servers at once, even if they aren’t all
> quite expired yet.

+1. Yeah there's no good reason to wait until the very last day.

> You should also fire your program manager.

Well, more precisely, the guy who was around three years ago.

Who is probably you, because you were promoted to be the current guy's 
boss due to your ability to complete large numbers of tasks on time. So 
you should fire yourself. Alternatively, since the current team is now 
blessed with the hard-won wisdom gained from your pioneering mistakes, 
you should raise their quotas, cut their staff, and take credit for the 
improved efficiency. Which sounds better to you?

Anyone in IT very long knows how common it is for the chickens to 
actually come home to roost on the same guy that laid 'em.

> The
> savings in labor and down-time would make up for the one-time cost of
> renewing some certs prematurely.

Still there could be some legitimate cases where it might happen. E.g.,
a paid hosting situation where the initial signup is self-service, but 
renewals are covered under some support package.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ