On 07/22/2010 08:05 PM, Dan Kaminsky wrote: > > That's $240K/yr being spent to manage three year expirations, just on > labor.
Yep. But as Dr. Laura would say, "you knew that before you married her". Nobody said you had to go into that business, or that you were entitled to make a profit on it. > And, of course, you see the result of this: People don't go ahead > and put 500 different certs on 500 different machines. Instead, you > end up with an Internet having but a million SSL endpoints, only half > of which even pretend to have a validating certificate. > > Costs can hide. Consequences are another matter. I don't see that 8 hours every 2 days should quite come to $1/4M per year, and I suspect a competent organization could roll out routine cert changes in under 8 hours on average. But let's suppose it does. What might be the unintended consequences be of having 500 "secure" sites hosted by folks that can't manage to spend one day every three freakin' years on maintenance? I know, it probably doesn't add that way logically, but just sayin'. - Marsh _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
