Europe

8484 readers

2 users here now

News/Interesting Stories/Beautiful Pictures from Europe 🇪🇺

(Current banner: Thunder mountain, Germany, 🇩🇪 ) Feel free to post submissions for banner pictures

Rules

(This list is obviously incomplete, but it will get expanded when necessary)

Be nice to each other (e.g. No direct insults against each other);
No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
No posts linking to mis-information funded by foreign states or billionaires.

Also check out !yurop@lemm.ee

founded 2 years ago

MODERATORS

poVoq@slrpnk.net

162

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections (www.theregister.com)

submitted 2 years ago by throws_lemy@lemmy.nz to c/europe@feddit.de

29 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] TheLurker@lemmy.world 75 points 2 years ago (4 children)

This article isn't completely genuine. And it is important to understand that.

eIDAS came into effect in 2016 and was around the oversight of online identification. This PROPOSED change is around allowing the EU to impersonate anyone getting a CA that is valid in the EU.

Now this is concerning but will never pass. Your bank needs to be assured that their CA can only be validated by them. Your insurance agency, your ecommerce sites...

It won't work, it breaks network trust by definition.

As soon as they try to push this through, banks, insurance and tech companies will push back and this will die.

Banks don't want the security model to be undermined because it will have a massive impact on the escrow services which underpin the digital economy.

If the CA owner can be impersonated then your bank can be impersonated, your online vendor can be impersonated and your e-commerce is dead.

Dumb idea and won't happen.

[–] kbal@fedia.io 18 points 2 years ago* (last edited 2 years ago) (1 children)

Considering that this has been in the works for ~~a year~~ two years already and there haven't been any reports of banks and insurance agencies objecting, your version of "it can't happen here" seems less than fully convincing.

[–] TheLurker@lemmy.world 9 points 2 years ago* (last edited 2 years ago)

The fact it has been in the works for two years and not passed tells me that the powers that be are working to stop it in the background.

I could be wrong, we will have to wait and see. But this is not the first or last time I have seen governments try to break authentication without success.

[–] Vincent@kbin.social 13 points 2 years ago (1 children)

Mozilla says that it's fairly close to passing though: https://last-chance-for-eidas.org/

[–] TheLurker@lemmy.world 6 points 2 years ago (1 children)

Well I'll eat my words if this passes. But I don't see it happening.

[–] Vincent@kbin.social 3 points 2 years ago

I hope you're right!

[–] Mixel@feddit.de 7 points 2 years ago

I can only hope that this is what is going to happen. It's a stupid idea and I have no clue why noone things about the consequences and evaluates if it's for the better or worse..

[–] Cannacheques@slrpnk.net 3 points 2 years ago

Agreed. PwC, big banks and the internet as a whole would stand against such policy, giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited