If you’re not an EU citizen, not much. But if you are a cybersecurity expert, researcher or represent an NGO, you can sign the open letter at https://eidas-open-letter.org.
Yes, you’re right, we can’t do a lot. But we can write to the member of the European Parliament who is responsible (Romana Jerković), and we can vote in our national elections and the European one coming up next year, so that’s something.
We both know the way the EU voting process takes place essentially makes it so we (the people) don’t have much of a real impact on the policy or on what happens over there. They kinda created this abstract super govt that is a lot of things but not democratic. I guess this is the price we pay when trying to bungle together a bunch of corrupt democracies. :P
At the same time, the power of the EU is, however indirectly, based on the votes of the people, and if enough people disagree they might just change their minds a little. I guess the best thing you could do, therefore, is to spread the word.
Shit, the EU’s really on a roll with these draconian laws. There’s also the “chat control” bullshit that’ll wreck end-to-end encryption (see eg https://mullvad.net/en/chatcontrol for a list of sources)
This is a shit show. People complain a lot about the UK breaking encryption and meanwhile the EU is doing the same, at a higher level without people even noticing.
Here the TL:DR; for anyone unfamiliar with the subject: eIDAS includes a lot of useful stuff but also requires browser to include CA designed by member states. Including a CA means that entity can issue SSL certificates that will be accepted / valid on those browser > this means the countries controlling those CA’s can simply argue “national security” and have those CA’s issue SSL certificates for ANY domain they would like and then use them to launch a man-in-the-middle attack against anyone they would like to. :)
The proposed legislation says that browsers “can’t do adicional validations on the certificates from the CA” (more or less this wording) meaning a simple check CAA DNS check from a browser would be against said legislation.
Does a “warning, cert issued by a government agency” count as additional validation?
Or maybe everyone is going to use cert pinning now. Or Firefox is going to stop trusting all CAs and make you verify each CA yourself. Which is a terrible idea for the average user.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
deleted by creator
If you’re not an EU citizen, not much. But if you are a cybersecurity expert, researcher or represent an NGO, you can sign the open letter at https://eidas-open-letter.org.
deleted by creator
Not even “regular” EU citizens can to much about it it seems.
Yes, you’re right, we can’t do a lot. But we can write to the member of the European Parliament who is responsible (Romana Jerković), and we can vote in our national elections and the European one coming up next year, so that’s something.
We both know the way the EU voting process takes place essentially makes it so we (the people) don’t have much of a real impact on the policy or on what happens over there. They kinda created this abstract super govt that is a lot of things but not democratic. I guess this is the price we pay when trying to bungle together a bunch of corrupt democracies. :P
At the same time, the power of the EU is, however indirectly, based on the votes of the people, and if enough people disagree they might just change their minds a little. I guess the best thing you could do, therefore, is to spread the word.
Shit, the EU’s really on a roll with these draconian laws. There’s also the “chat control” bullshit that’ll wreck end-to-end encryption (see eg https://mullvad.net/en/chatcontrol for a list of sources)
The eu is very upset about this opposition, and published a hit piece “fact checking” pdf against it.
I would’ve been more surprised if EU wasn’t arguing in favour of their proposal
This is a shit show. People complain a lot about the UK breaking encryption and meanwhile the EU is doing the same, at a higher level without people even noticing.
Here the TL:DR; for anyone unfamiliar with the subject: eIDAS includes a lot of useful stuff but also requires browser to include CA designed by member states. Including a CA means that entity can issue SSL certificates that will be accepted / valid on those browser > this means the countries controlling those CA’s can simply argue “national security” and have those CA’s issue SSL certificates for ANY domain they would like and then use them to launch a man-in-the-middle attack against anyone they would like to. :)
deleted by creator
The proposed legislation says that browsers “can’t do adicional validations on the certificates from the CA” (more or less this wording) meaning a simple check CAA DNS check from a browser would be against said legislation.
Does a “warning, cert issued by a government agency” count as additional validation?
Or maybe everyone is going to use cert pinning now. Or Firefox is going to stop trusting all CAs and make you verify each CA yourself. Which is a terrible idea for the average user.
From what I gather they can’t do that either.
Same as above. This would be effectively “adicional validations on the certificates”.
Would be legal but annoying. Bet they would legislate to force their CAs / be exempt from that user verification.
Have you been living under a rock