Parade du Grotesque 💀
If that piece of _____ eIDAS 2.0 ever passes, the only ways to maintain security will be:
- download the "International" version of, say Firefox, or:
- download an untampered version of the Mozilla CAs from abroad, or:
- blacklist the updates of your browser, so it stays on a pre-eIDAS version and untampered CA (less than ideal for security reasons).
Am I doing this right?
Either way, I suspect this is yet something that will only affect the less tech-savy.
Joe Ortiz
@fedops @ParadeGrotesque The issue in this case is the EU telling these browsers that they're in charge of CA security and We'll install a backdoor into the certificates. As the EFF says, this will set web security back 12 years at least.
Parade du Grotesque 💀
See these links, courtesy of @joeo10 :
https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years
fedops 💙💛
@ParadeGrotesque @joeo10 mh interesting, thanks. Not great.
I actually see this as an issue for the OS more so than a browser. With Firefox for example maintaining its own certificate store it should be doable to just remove the problematic certificates. But on android or windows with browsers that use the OS store it would become really problematic.
fedops 💙💛
@ParadeGrotesque is that really so? The only thing I see so far are requirements for operators of certificate authorities. Which personally I think is a good idea, based on the amount of fly-by-night outfits.
But I don't claim to have anything approaching the complete picture. Pointers appreciated. 👍
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.