Comment by quesera
1 day ago
I've never seen (noticed) an OV cert in real life, and no business I've ever been responsible for pushed for OV over DV. It was always EV or "huh?"
1 day ago
I've never seen (noticed) an OV cert in real life, and no business I've ever been responsible for pushed for OV over DV. It was always EV or "huh?"
I think I've seen one or two, and only because I noticed them as a weird callout in a $LARGE_FINANCE_INSTITUTION infosec bingo sheet. Of course I had to check that they really were running with OV certs.
Some of the outfits in that space will be heavily hit by the shortening certificate max-lifetimes, and I do hope that the insurance companies at some point also stop demanding a cert rotation before 90 days to expiry. It's a weird feeling to redline a corporate insurance policy when their standard requirements are 15 years out of date.
> when their standard requirements are 15 years out of date
I swear half of my "compensating control" responses are just extended versions of "policy requirement is outdated or was always bad".
> I do hope that the insurance companies at some point also stop demanding a cert rotation before 90 days to expiry
It's not like you have a lot of choices when certificates are only valid for 47 days in 2029!
Before LE, we did lots of OV (which you generally could get a couple of for free from somewhere). We had to dig up stuff like a heating bill, because evidently that is proof of organizational control to some people.