1934361 - ICP-Brasil: Mis-issued certificate

Submitted by Style Pass, 2024-12-01 08:00:04

google.com has a CAA RR which only allows pki.goog to issue certificates for this domain (I know, this is not hard proof because this may have changed, but I am very confident it didn't change).

I don't think ICP-Brasil is publicly trusted. I found inclusion requests, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1674669 or https://bugzilla.mozilla.org/show_bug.cgi?id=438825 or https://bugzilla.mozilla.org/show_bug.cgi?id=1677631.

I would like to add this mis-issuance to the list of events to consider when including (or not) ICP-Brasil in the Mozilla root store.

The issuing intermediate "Autoridade Certificadora Raiz Brasileira v10" is trusted by Microsoft for server authentication according to https://learn.microsoft.com/en-us/security/trusted-root/participants-list

Curiously, ICP-Brasil has recently issued a determination removing itself from SSL/TLS certificates except for closed ecosystems (such as the financial network). https://repositorio.iti.gov.br/resolucoes/Resolucao209_descontinuidade_SSL.htm
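The CAA check the report relies on can be sketched as follows. This is an added example, not part of the bug thread or any CA's code: it evaluates RFC 8659 rules over a constructed record table (no live DNS), and the names `ZONE`, `relevant_rrset`, `issuer_domain`, `may_issue` and every domain other than google.com and pki.goog are assumptions made for illustration.

```python
# Constructed CAA data: name -> list of (flags, tag, value). Not live DNS.
# The google.com entry mirrors the report's statement; the rest are made up.
ZONE = {
    "google.com": [(0, "issue", "pki.goog")],
    "example.org": [(0, "issue", "ca-one.example; account=123"),
                    (0, "issuewild", ";")],
    "locked.example.net": [(0, "issue", ";")],
    "odd.example.net": [(128, "futuretag", "x")],
}

def relevant_rrset(fqdn, zone):
    """RFC 8659 section 3: climb from the name toward the root and
    return the first non-empty CAA RRset found (or [] if none)."""
    labels = fqdn.rstrip(".").lower().split(".")
    if labels[0] == "*":          # a wildcard is looked up at its parent
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Issuer domain name of an issue/issuewild value, parameters dropped."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(fqdn, ca_domain, zone=ZONE):
    """True if CAA permits the CA identified by ca_domain to issue for fqdn."""
    rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True   # no CAA anywhere on the path: issuance is unrestricted
    known = {"issue", "issuewild", "iodef"}
    # An unrecognised property with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag.lower() not in known for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    wild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names only.
    props = wild if fqdn.startswith("*.") and wild else issue
    if not props:
        return True   # e.g. only iodef present: issuance is unrestricted
    return ca_domain.lower() in {issuer_domain(v) for v in props}
```

A certificate observed for a name where `may_issue` returns False for the issuing CA is a candidate mis-issuance, subject to the caveat in the report that the CAA records may have differed at issuance time.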
