Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
LodeMike@lemmy.today 2 days agoThat completely nullifies the entire point of signature validations.
Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
LodeMike@lemmy.today 2 days agoThat completely nullifies the entire point of signature validations.
Zak@lemmy.world 2 days ago
How? Expiration doesn’t grant an unauthorized party access to the private key.
LodeMike@lemmy.today 2 days ago
There’s zero cryptographic reason to have a signed date at that point.
Zak@lemmy.world 2 days ago
Which nullifies the point of certificates having an expiration date (limited window for exploiting a compromised certificate, possibility of domains changing hands), not the point of validating the signature (tie responsibility for apps to who owned a domain on a specific date, allow third parties to create blacklists of bad developers).