• Elvith Ma'for@feddit.org
    link
    fedilink
    English
    arrow-up
    23
    ·
    6 hours ago

    The only technical explanation that’s not malice would be that some certificate store on the device had expiring certificates and would need an update to continue to function (or rather connect to remote servers).

      • Elvith Ma'for@feddit.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 hour ago

        It depends on their use. The most common certificates that you will “use and check” (implicitly) all the time are probably those, that get served by websites and the APIs that apps talk to. Those are usually quite short lived. Let’s Encrypt IIRC issues them with a default life time of ~90 days and there’s a push industry wide to reduce their lifespan generally to… IIRC something around 40 days. But there are more usecases and certificates and those may be valid longer. E.g. a developer that signs their code/compiled binaries.

        Or - and thats more relevant - when you check a certificate you do not only check it’s content, you also check that it was issued and signed by someone “you” trust (or rather the software on your device trusts). Ususally there’s a central store on your PC managed by Microsoft (for Win), Apple (for Mac) or your Linux Distribution with a list of certificates that your device trusts. Those are usually quite long lived (often several years, probably even more than a decade). But will also end. And there will be new ones to replace the old ones. Or new vendors that get added to this trust store. If you do not update your device, this trust store won’t change.

        There are now several versions how this can affect the apps in this case, e.g.

        • They might not be able to talk to servers using “newer” certificates, as they cannot validate them. There might even be the problem, that the update mechanism breaks, as it wouldn’t be able to get updates from the server to get new certs effectively locking you out.
        • They might only allow apps that are signed by them, but their old cert is running out and if it’s invalid, they might prevent the apps from running (as their cert is now untrusted) - note that you can provide ways around that (e.g. checking if the cert was valid when it was issued vs. checking if it would be valid now), but for a device that’s designed to be able to get updates, you might have forgotten that or didn’t think it was an issue or…
      • Majestic@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 hours ago

        Yes. Certs can expire after whatever time the issuer wants to set for them. That could be six months or 20 years. Some infrastructure has limits on max and min lengths (more max than min usually) but not all and there are best practices as well.

        More importantly the certs could have been five years old by the time this person got the TV for a total age of 8 years.