https://crt.sh/?id=7040227
https://crt.sh/?id=30328289

I am confused for those reasons.

1. the CN of two cerificates are same. So it is not necessary to issue two 
certificates in just 2 minutes.
2. second one used SHA1, though is consistent with BR, but first one used 
SHA256.
3. first one has 39 month period of validity which is very rare.
4. Since they are issued so close they should be logged at CT same time but 
second one are too late.

So is there some common parctice I don't know or another mistake made by Wosign?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to