• sovietknuckles [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    But one of the requirements of eIDAS 2.0 is that browser makers trust government-approved Certificate Authorities (CA) and do not implement security controls beyond those specified by the European Telecommunications Standards Institute (ETSI).

    State-mandated backdoors seem bad

    • Boomkop3@reddthat.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I’m kinda disappointed this is happening again. Certificate authorities just say “this person is who they say they are”. They can’t reroute traffic, trick you into connecting to the wrong ip, or decrypt traffic