Replying to Avatar Yonle

Now the thing is that *you cannot control a client*.

> I can not 'expire' a certificate, of course. But I can chose not to consider it valid.

How do you know if an party could make it invalid? Not by "it's owned by google" or similar. Link to the line of the chromium source code is needed.
Avatar
DZC 1y ago

You can't know if some certificate is being considered valid or not by other clients you don't control.

You can't force a client you don't control to consider valid a certificate, in the same way you can't force that client to validate certain certificate either.

At the end, it's just up to the client, that's all I wanted to point out.

Reply to this note

Please Login to reply.

Discussion

Avatar
DZC 1y ago

Related:

As I said, it's always the client that decides whether a certificate (or CA) is valid or not.

https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

Avatar
Yonle 1y ago

Interesting, However this seems only limited to Google Chrome itself.