Article 45 Will Roll Back Web Security by 12 Years
www.eff.org
The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...

EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…

  • pastermil@sh.itjust.worksEnglish
    1394·
    10 months ago

    What the fuck is EU doing? Why are they trying so hard to participate in the enshitification effort?

    • MeanEYE@lemmy.worldEnglish
      391·
      10 months ago

      Personal ID cards have certificates on them issued by the government. These certificates can be used for anything from digitally signing documents to logging in to government web sites without having yet another user/pass. So far situations was a nightmare.

      Government provided tools and plugins for browsers to support logging in and signing, but it’s been a shitshow when it comes to support. Pretty much only Windows and only certain versions of it and even then it worked half of the time. You had to install certificate manually and trust, etc. Am assuming this is to make sure these services work but also so they can issue certificates for their own web sites.

      • pastermil@sh.itjust.worksEnglish
        253·
        10 months ago

        Personal digital certificate sounds like an awesome concept. Too bad the implementation seems so narrow-minded. Typical beaureaucrats.

        • Coasting0942@reddthat.comEnglish
          14·
          10 months ago

          They want to make all the decisions but are also mad that the IT guy presentation is taking to long and isn’t using simpler language

        • Sylocule@lemmy.oneEnglish
          11·
          10 months ago

          We have them in Spain. Really useful as my accountant has a copy of mine for my tax filing on their windows machines and I have it installed on my Linux laptop for interfacing with gov sites

              • dwalin@lemmy.worldEnglish
                8·
                10 months ago

                Lol such a bad idea. In Portugal your accountant could sign almost any document with it.

                • nexusband@lemmy.worldEnglish
                  5·
                  10 months ago

                  Same in Germany. You can grant access to the accountant to that data, but never ever with your private key… Giving away your private key is a horrible idea…

          • MeanEYE@lemmy.worldEnglish
            2·
            10 months ago

            I did a different thing. I ordered a separate certificate, gave it to my assistant who handles tax things with my accountant, but am the only one with password. They don’t really remember or write down password because it gives them fewer things to worry about and we have sufficient security this way.