On Mon, Feb 12, 2018 at 5:36 PM, Kai Engert <k...@kuix.de> wrote: > > For example, if you note, there are two Google certificates, but they > > share the same SPKI and Subject Name - which is why the Chromium > > whitelist only has one certificate listed, as it extracts the SPKI from > > that resource as part of the whitelist. > > Are you referring to these two subCAs? > https://crt.sh/?id=23635000 > https://crt.sh/?id=142951186 > > It seems the first one has already expired, and it might no longer be > necessary to worry about it? >
While nothing is certain, it is likely that Google might have another subCA certificate issued with the same SPKI and Subject. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy