- cross-posted to:
- europe@feddit.de
- cross-posted to:
- europe@feddit.de
There is a discussion on Hacker News, but feel free to comment here as well.
This is the best summary I could come up with:
Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.
Thus, using a proxy in a man-in-the-middle attack, that government can intercept and decrypt the encrypted HTTPS traffic between the website and its users, allowing the regime to monitor exactly what people are doing with that site at any time.
How that compares to today’s surveillance laws and powers isn’t clear right now, but that’s the basically what browser makers and others are worried about: government-controlled CAs being abused to issue certificates to websites that allow for interception.
An authority purge of this sort occurred last December when Mozilla, Microsoft, Apple, and later Google removed Panama-based TrustCor from their respective lists of trusted certificate providers.
“Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government,” the Electronic Frontier Foundation (EFF) warned on Tuesday.
Mozilla and a collection of some 400 cyber security experts and non-governmental organizations published an open letter last week urging EU lawmakers to clarify that Article 45 cannot be used to disallow browser trust decisions.
The original article contains 965 words, the summary contains 196 words. Saved 80%. I’m a bot and I’m open source!