Re: [cryptography] Paypal phish using EV certificate

2013-08-13 Thread wasa bee
Given the images seen on the links, both certs are signed by the same entity (I cannot see the pubKey ID but issuer names match), yet have the same serial number 3014267. Isn't the (serial number + issuer pub key identifier) supposed to be unique and identify a cert uniquely? Is it common practice

Re: [cryptography] Updated Certificate Transparency site

2013-08-01 Thread wasa bee
In CT, how do you tell if a newly-generated cert is legitimate or not? Say, I am a state-sponsored attacker and can get a cert signed by my national CA for Barclays. How do you tell this cert is not legitimate? It could have been Barclays' IT admin who asked for a new cert. Do companies need to