On Mon, Feb 12, 2018 at 5:36 PM, Kai Engert <k...@kuix.de> wrote:
> > For example, if you note, there are two Google certificates, but they
> > share the same SPKI and Subject Name - which is why the Chromium
> > whitelist only has one certificate listed, as it extracts the SPKI from
> > that resource as part of the whitelist.
> Are you referring to these two subCAs?
> It seems the first one has already expired, and it might no longer be
> necessary to worry about it?
While nothing is certain, it is likely that Google might have another subCA
certificate issued with the same SPKI and Subject.
dev-security-policy mailing list
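
The point made in this thread, that an allowlist keyed on the SPKI also matches any later certificate issued for the same key and Subject, shown as an added example that is not part of the original messages. It assumes the `openssl` CLI is installed; the key, subject name and file names are constructed, and self-signed certificates stand in for the subCA certificates.

```shell
#!/bin/sh
# Added illustration: two certificates issued for the same key and subject
# share one SPKI hash, although the certificates themselves differ.
# Requires the openssl CLI. All names and keys below are constructed.

# Base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo of a PEM certificate.
spki_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64
}

# SHA-256 fingerprint of the whole certificate (changes with every issuance).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Issue two certificates from one key with one subject but different validity.
# Returns 0 when the SPKI hashes match and the certificate fingerprints differ,
# 1 when they do not, 2 when openssl could not create the test material.
same_spki_different_cert() {
    dir=$(mktemp -d) || return 2
    subj="/O=Constructed Example/CN=Constructed Example SubCA"
    rc=2
    if openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$dir/key.pem" 2>/dev/null &&
       openssl req -new -x509 -key "$dir/key.pem" -subj "$subj" \
            -days 1 -out "$dir/old.pem" 2>/dev/null &&
       openssl req -new -x509 -key "$dir/key.pem" -subj "$subj" \
            -days 365 -out "$dir/new.pem" 2>/dev/null
    then
        rc=1
        if [ "$(spki_hash "$dir/old.pem")" = "$(spki_hash "$dir/new.pem")" ] &&
           [ "$(cert_fingerprint "$dir/old.pem")" != "$(cert_fingerprint "$dir/new.pem")" ]
        then
            rc=0
        fi
    fi
    rm -rf "$dir"
    return "$rc"
}

if same_spki_different_cert; then
    echo "one SPKI entry covers both certificates"
fi
```

An allowlist that stores the certificate fingerprint would need a new entry for each re-issued certificate, while one that stores the SPKI hash does not.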