Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
LodeMike@lemmy.today 2 days agoThere’s zero cryptographic reason to have a signed date at that point.
Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
LodeMike@lemmy.today 2 days agoThere’s zero cryptographic reason to have a signed date at that point.
Zak@lemmy.world 2 days ago
Which nullifies the point of certificates having an expiration date (limited window for exploiting a compromised certificate, possibility of domains changing hands), not the point of validating the signature (tie responsibility for apps to who owned a domain on a specific date, allow third parties to create blacklists of bad developers).