EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…

  • MeanEYE@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    It should be every country in EU and those looking to join to have certificates on their id cards. Am thinking they are just trying to expedite the process. EU could easily create their own regulatory body and get approved by other root certificate holders to establish path of trust, but most likely it complicates things and/or takes too long.

    Not to sound too pessimistic but making a browser trust another certificate is not that difficult. If they wanted to MITM attack anyone it would be fairly easy given that people usually install software from any source let alone government without thinking twice. During that installation another certificate can be added to the list of trusted roots and problem solved. It wouldn’t be harder to achieve and it would be much harder to detect.

      • MeanEYE@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It’s kind of sad when government moves faster than your triage team. Definitely want to speed that one up.