this post was submitted on 02 Nov 2023
95 points (97.0% liked)

Technology

34702 readers
676 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
[email protected]
95
Last Chance to fix eIDAS: Secret EU law threatens Internet security — Mozilla (last-chance-for-eidas.org)
submitted 11 months ago by [email protected] to c/[email protected]
16 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 11 months ago (2 children)

This is a shit show. People complain a lot about the UK breaking encryption and meanwhile the EU is doing the same, at a higher level without people even noticing.

Here the TL:DR; for anyone unfamiliar with the subject: eIDAS includes a lot of useful stuff but also requires browser to include CA designed by member states. Including a CA means that entity can issue SSL certificates that will be accepted / valid on those browser > this means the countries controlling those CA's can simply argue "national security" and have those CA's issue SSL certificates for ANY domain they would like and then use them to launch a man-in-the-middle attack against anyone they would like to. :)

[–] [email protected] 4 points 11 months ago (1 children)

How long before the devs or an extension give us the option to manually distrust CAs?

[–] [email protected] 7 points 11 months ago (1 children)

The proposed legislation says that browsers "can't do adicional validations on the certificates from the CA" (more or less this wording) meaning a simple check CAA DNS check from a browser would be against said legislation.

[–] [email protected] 1 points 11 months ago (1 children)

Does a "warning, cert issued by a government agency" count as additional validation?

Or maybe everyone is going to use cert pinning now. Or Firefox is going to stop trusting all CAs and make you verify each CA yourself. Which is a terrible idea for the average user.

[–] [email protected] 1 points 11 months ago

Does a “warning, cert issued by a government agency” count as additional validation?

From what I gather they can't do that either.

Or maybe everyone is going to use cert pinning now.

Same as above. This would be effectively "adicional validations on the certificates".

Or Firefox is going to stop trusting all CAs and make you verify each CA yourself. Which is a terrible idea for the average user.

Would be legal but annoying. Bet they would legislate to force their CAs / be exempt from that user verification.

[–] [email protected] 0 points 11 months ago

without people even noticing.

Have you been living under a rock