I think I've seen one or two, and only because I noticed them as a weird callout in a $LARGE_FINANCE_INSTITUTION infosec bingo sheet. Of course I had to check that they really were running with OV certs.
Some of the outfits in that space will be heavily hit by the shortening certificate max-lifetimes, and I do hope that the insurance companies at some point also stop demanding a cert rotation before 90 days to expiry. It's a weird feeling to redline a corporate insurance policy when their standard requirements are 15 years out of date.
> I do hope that the insurance companies at some point also stop demanding a cert rotation before 90 days to expiry

It's not like you have a lot of choices when certificates are only valid for 47 days in 2029!

> when their standard requirements are 15 years out of date

I swear half of my "compensating control" responses are just extended versions of "policy requirement is outdated or was always bad".