> However, the thing that's protecting against (a SHA1 intermediate
> certificate (oops, I see I've called it "intermediary" in the code and
> doc; I'll fix that now)) is, I seem to remember, now being considered a
> realistic attack (i.e., you can generate valid-looking fake certificates
> based on one).
>
> Or do I misremember? I tried googling now, and I couldn't find anybody
> actually achieving that yet...

It's all about collisions [1]; it's mostly a precaution, as no one has found an actual collision for a cert yet, but Google found a collision for PDFs last year [2].

[1]: https://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
[2]: https://shattered.io/
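The check the quoted code is guarding, rejecting a chain whose intermediate is signed with SHA-1, comes down to reading the signatureAlgorithm of every certificate in the chain. The following is an added example written for this page, not code from this thread or from the project being discussed: a stdlib-only Python DER walker that pulls the signature algorithm OID out of each certificate and flags SHA-1 and MD5 signatures. It assumes the chain arrives as DER blobs ordered leaf first and trust anchor last, and its sample chain is a constructed skeleton (no keys, no real signatures), so it exercises the parsing and the policy, not signature verification. Two practitioner points are built in: the trust anchor's own self-signature is not flagged, because a root is trusted by identity rather than by its signature, while every other signature in the chain (the ones a collision would forge) is; and the AlgorithmIdentifier inside tbsCertificate is compared with the outer one, since RFC 5280 requires them to match and the inner copy is what is actually signed.

```python
"""Flag SHA-1/MD5 signatures in a certificate chain with a stdlib-only DER walker.
Added example, not code from the thread. Hypothetical assumptions: the chain is a list
of DER blobs, leaf first and trust anchor last; the fixtures below are constructed."""

# Signature AlgorithmIdentifier OIDs that rely on a broken hash (names per RFC 3279).
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
SHA1_RSA, SHA256_RSA = "1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"
SEQUENCE, INTEGER, BIT_STRING, NULL, OID, CTX0 = 0x30, 0x02, 0x03, 0x05, 0x06, 0xA0


def read_tlv(buf, pos=0):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, end offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: 0x8n followed by n length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(tag, want, what):
    if tag != want:
        raise ValueError(f"{what}: expected tag 0x{want:02x}, got 0x{tag:02x}")


def decode_oid(body):
    """OBJECT IDENTIFIER contents -> dotted string (first byte packs the first two arcs)."""
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last base-128 byte of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def algorithm_oid(alg_id_body):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    tag, body, _ = read_tlv(alg_id_body)
    expect(tag, OID, "AlgorithmIdentifier.algorithm")
    return decode_oid(body)


def signature_algorithms(der_cert):
    """Return (tbsCertificate.signature, Certificate.signatureAlgorithm) as dotted OIDs."""
    tag, cert, _ = read_tlv(der_cert)
    expect(tag, SEQUENCE, "Certificate")
    tag, tbs, pos = read_tlv(cert)
    expect(tag, SEQUENCE, "tbsCertificate")
    tag, outer, _ = read_tlv(cert, pos)
    expect(tag, SEQUENCE, "signatureAlgorithm")
    # tbsCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature, ... }
    tag, _, pos = read_tlv(tbs)
    if tag == CTX0:                         # explicit version present: step over it
        tag, _, pos = read_tlv(tbs, pos)
    expect(tag, INTEGER, "serialNumber")
    tag, inner, _ = read_tlv(tbs, pos)
    expect(tag, SEQUENCE, "tbsCertificate.signature")
    return algorithm_oid(inner), algorithm_oid(outer)


def audit_chain(chain):
    """Return (index, signatureAlgorithm OID, reason) for each certificate to reject."""
    # Last element is the trust anchor: nothing verifies its self-signature, so it is
    # not flagged; every other signature in the chain is the one a collision would forge.
    findings = []
    for i, der in enumerate(chain):
        inner, outer = signature_algorithms(der)
        if inner != outer:                  # RFC 5280 4.1.2.3: the two MUST match
            findings.append((i, outer, "tbsCertificate.signature != signatureAlgorithm"))
        elif i < len(chain) - 1 and outer in WEAK_SIGNATURE_OIDS:
            findings.append((i, outer, WEAK_SIGNATURE_OIDS[outer]))
    return findings


def tlv(tag, body):
    """Minimal DER encoder used only to build the constructed fixtures below."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:                     # base-128, high bit set on all but the last
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out.extend(reversed(chunk))
    return bytes(out)


def skeleton_cert(outer_oid, inner_oid=None):
    """Constructed fixture: stub tbsCertificate plus dummy signatureValue. NOT a real cert."""
    def alg_id(oid):
        return tlv(SEQUENCE, tlv(OID, encode_oid(oid)) + tlv(NULL, b""))
    tbs = tlv(SEQUENCE, tlv(CTX0, tlv(INTEGER, b"\x02"))      # version v3
                        + tlv(INTEGER, b"\x01")               # serialNumber 1
                        + alg_id(inner_oid or outer_oid))
    return tlv(SEQUENCE, tbs + alg_id(outer_oid) + tlv(BIT_STRING, bytes(9)))


SAMPLE_CHAIN = [                 # constructed chain, leaf first
    skeleton_cert(SHA256_RSA),   # leaf signed with SHA-256: fine
    skeleton_cert(SHA1_RSA),     # intermediate signed with SHA-1: what the check rejects
    skeleton_cert(SHA1_RSA),     # SHA-1 self-signed root: harmless, not flagged
]
```

Running `audit_chain(SAMPLE_CHAIN)` returns a single finding for index 1, the SHA-1-signed intermediate; the SHA-1 self-signed root at index 2 is left alone. On a real chain, feed it the DER certificates as received (for PEM input, base64-decode the body between the BEGIN/END markers first). The inner/outer AlgorithmIdentifier comparison costs nothing and catches a class of malformed or tampered certificates that a policy keyed only on the outer field would miss.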