I don't know whether it was noticed or if it matters to anyone, but I did note that for at least one of these certificates, particularly the one at https://crt.sh/?id=92235996 , that the sole SAN dnsName for the certificate is ev-expired.identrustssl.com.
The cert also had a whopping 24 hours of validity. I am positing that this certificate, at least, was administratively created by Identrust in order to provide a certificate test point of the expired certificate type, as many root programs require for inclusion, etc. While I imagine that this is not necessarily relevant to whether there's a BR issue, it may at least inform how the certificate came about, if that is of interest. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy