Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
Zak@lemmy.world 2 days agoHow? Expiration doesn’t grant an unauthorized party access to the private key.
Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
Zak@lemmy.world 2 days agoHow? Expiration doesn’t grant an unauthorized party access to the private key.
LodeMike@lemmy.today 2 days ago
There’s zero cryptographic reason to have a signed date at that point.
Zak@lemmy.world 2 days ago
Which nullifies the point of certificates having an expiration date (limited window for exploiting a compromised certificate, possibility of domains changing hands), not the point of validating the signature (tie responsibility for apps to who owned a domain on a specific date, allow third parties to create blacklists of bad developers).