On Mon, Feb 12, 2018 at 5:36 PM, Kai Engert <k...@kuix.de> wrote:

> > For example, if you note, there are two Google certificates, but they
> > share the same SPKI and Subject Name - which is why the Chromium
> > whitelist only has one certificate listed, as it extracts the SPKI from
> > that resource as part of the whitelist.
> Are you referring to these two subCAs?
>   https://crt.sh/?id=23635000
>   https://crt.sh/?id=142951186
> It seems the first one has already expired, and it might no longer be
> necessary to worry about it?

While nothing is certain, it is likely that Google might have another subCA
certificate issued with the same SPKI and Subject.
dev-security-policy mailing list

Reply via email to