ardi60@reddthat.com to Technology@lemmy.worldEnglish · 2 months agoGoogle's plan to restrict sideloading on Android has a potential escape hatch for userswww.androidauthority.comexternal-linkmessage-square251linkfedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkGoogle's plan to restrict sideloading on Android has a potential escape hatch for userswww.androidauthority.comardi60@reddthat.com to Technology@lemmy.worldEnglish · 2 months agomessage-square251linkfedilink
minus-squareZak@lemmy.worldlinkfedilinkEnglisharrow-up0·2 months agoAnother option is to allow otherwise-valid signatures after expiration. It’s generally still possible to check them.
minus-squareKairos@lemmy.todaylinkfedilinkEnglisharrow-up0·2 months agoThat completely nullifies the entire point of signature validations.
minus-squareZak@lemmy.worldlinkfedilinkEnglisharrow-up0·2 months agoHow? Expiration doesn’t grant an unauthorized party access to the private key.
minus-squareKairos@lemmy.todaylinkfedilinkEnglisharrow-up0·2 months agoThere’s zero cryptographic reason to have a signed date at that point.
Another option is to allow otherwise-valid signatures after expiration. It’s generally still possible to check them.
That completely nullifies the entire point of signature validations.
How? Expiration doesn’t grant an unauthorized party access to the private key.
There’s zero cryptographic reason to have a signed date at that point.