Article 45 Will Roll Back Web Security by 12 Years
www.eff.org
The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...

EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…

  • ShunkW@lemmy.worldEnglish
    482·
    8 months ago

    What a fucking nightmare. And I thought the US was bad about trying to encroach more on privacy.

    • MeanEYE@lemmy.worldEnglish
      56·
      8 months ago

      Am thinking this looks like a nightmare but their intentions are actually different. However giving any kind of power to government is almost universally bad idea since it’s guaranteed to be abused, no matter the initial reason it was added.

        • MeanEYE@lemmy.worldEnglish
          64·
          8 months ago

          I can actually think of more reasons that it’s a legitimate request than a shady one.

            • MeanEYE@lemmy.worldEnglish
              1·
              8 months ago

              Well, like I wrote in other comment of mine. Governments here issue personal certificates signed by government ones. These personal certificates can then be used to digitally sign documents and tax reports. It can be used to log into government web sites and many similar uses. These certificates that EU says browsers have to accept are the same ones everyone already uses for biometric passports. If browser accepted these root certificates, then things would be significantly easier to support. No software installation required.

              People seem to think this will be used for nefarious cases, but in reality people just install government issued software without thinking. Well, any software without thinking. During that installation you can already add certificate to browser and whole OS. It’s just easier and better supported if they go through public way instead of having to support multiple OS installations and similar issues.

              • ShunkW@lemmy.worldEnglish
                1·
                8 months ago

                Yeah that argument holds zero water. Forcing browsers to trust these roots means not only pre-trusting them, but disallowing removal of trust. This is completely intended for surveillance purposes.