Hacker News
by schoen 3221 days ago
For example, some kinds of HSM bugs might conceivably lead to issuing a new intermediate after an HSM software update (like if an HSM vendor said that it had concluded that its CSPRNG was seeded inadequately with fewer effective bits of entropy than the specifications required, or something).

In support of being cautious about predicting what intermediate will be used for issuance at a given time, there was also once a Let's Encrypt Authority X2 (also browser-trusted by virtue of being signed by IdenTrust's root), but issuance skipped directly from the X1 to the X3 intermediate in March 2016.

https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.p...

https://crt.sh/?Identity=%25&iCAID=7395

https://crt.sh/?Identity=%25&iCAID=16418