On Thu, Dec 19, 2024 at 11:07:22AM -0700, Jeremy Rowley wrote: > I agree that educating subscribers has been largely ineffective. However, > randomly causing outages won't solve the issue.
Oh, I don't know... ransomware has been far more effective at improving DR practices than several decades of education was. > automation. Only allow CAs to deliver certificates via an automated > solution and all of a sudden you have 100% automation adoption. You'd have 100% *issuance* automation adoption, but not 100% *lifecycle* automation adoption. The evidence I've collected (https://www.hezmatt.org/~mpalmer/blog/2024/01/30/why-certificate-automation-matters.html) suggests to me that some fraction of people who use ACME for certificate issuance are still manually handling at least some part of the certificate lifecycle, and it's the whole lifecycle that matters when determining whether prompt certificate replacement is feasible, not just issuance. - Matt -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/7c9190a4-b8be-4c44-9bc8-7994427aee3f%40mtasv.net.
