Regardless of “hard evidence” it’s still the company policy. How well does it go over if you try to say “well acktuslly…” when it comes to password changes.

That implies though I don’t want valid certificates in my environment. I still want to make sure even on my private network I’m using valid certs. A lot of security departments require that too even if the device isn’t public facing.

Tell that to all the embedded device manufacturers… switches, appliances, nas, etc.

There’s a whole load of things that will have a massive administrative burden if the frequency is dropped.

There are a lot of embedded systems that do not offer API support to swap out certificates. Things like switches, dvr, nas devices, etc.

Wouldn’t any VPS basically work as it’s providing you the Os (usually Linux) and it’s up to you to deploy the apps you want?

So when are we gonna find out this is just like Amazon’s “AI” markets with no cashiers that was actually just image feeds sent to India to be processed by a low paying human?