eIDAS 2.0 Sets a Dangerous Precedent for Web Security | Electronic Frontier Foundation
▻https://www.eff.org/deeplinks/2022/12/eidas-20-sets-dangerous-precedent-web-security
In a nutshell, the EU is mandating that browsers accept EU member state-issued Certificate Authorities (CAs) and not remove them even if they are unsafe. If you think this sounds bad, you’re right. Multiple times, EFF, along with other security experts and researchers, urged EU government regulators to reconsider the amended language that fails to provide a way for browsers to act on security incidents. There were several committees that supported amending the language, but the EU council went ahead and adopted this highly flawed language.
Via
lebout2canap
▻https://framapiaf.org/@lebout2canap@mastodon.tedomum.net/109500396027743171
This is absolutely catastrophic: the EU has just authorized member states to require web browsers to accept and recognize insecure certificates. This opens the door to mass surveillance at low cost; one might think of Viktor Orban, but it will not be limited to the most blatant illiberal democracies.