Now the thing is that *you cannot control a client*.
> I can not 'expire' a certificate, of course. But I can chose not to consider it valid.
How do you know if an party could make it invalid? Not by "it's owned by google" or similar. Link to the line of the chromium source code is needed.
You can't know if some certificate is being considered valid or not by other clients you don't control.
You can't force a client you don't control to consider valid a certificate, in the same way you can't force that client to validate certain certificate either.
At the end, it's just up to the client, that's all I wanted to point out.
Related:
As I said, it's always the client that decides whether a certificate (or CA) is valid or not.
https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html
Interesting, However this seems only limited to Google Chrome itself.
