EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…

  • pastermil@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    3
    ·
    1 year ago

    Personal digital certificate sounds like an awesome concept. Too bad the implementation seems so narrow-minded. Typical beaureaucrats.

    • Coasting0942@reddthat.com
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      They want to make all the decisions but are also mad that the IT guy presentation is taking to long and isn’t using simpler language

    • MeanEYE@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      My country has half-assed implementation but in general it has been great. For any signing I can just shove my personal id, enter pin and document is cryptographically signed. No alteration possible. And since government is the issuer of the certificate, no one can fake it. We have our e-government thing also, where you can do a lot of things, from checking your kids grades in school to theoretically handling all of the documentation you might need. Personal id is used to login into that service. Shove a card, enter pin and you are there. No sign up, remember password, etc. I have even set up, at one point, login into my computer using my personal id, out of curiosity as it held no other benefit. Had to add that root certificate to my machine though.

      Sadly it all sounds great on paper, but execution is lacking. Some things still require pen and paper and it’s annoying, but we’ll get there. That’s why my assumption is governments wanting to push for easier integration. Then all you’d need was card reader and a browser. Which also the reason why I don’t think they are trying to push this idea for nefarious purposes. People download and install government software without thinking or double-checking all the time. Adding certificate through any installation wouldn’t be much of a challenge.

      • nexusband@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        “No one can fake it” Oh boy. This is going to be an utterly horrible future.

    • Sylocule@lemmy.one
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      We have them in Spain. Really useful as my accountant has a copy of mine for my tax filing on their windows machines and I have it installed on my Linux laptop for interfacing with gov sites

          • dwalin@lemmy.world
            link
            fedilink
            English
            arrow-up
            10
            ·
            1 year ago

            Lol such a bad idea. In Portugal your accountant could sign almost any document with it.

            • nexusband@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              Same in Germany. You can grant access to the accountant to that data, but never ever with your private key… Giving away your private key is a horrible idea…

      • MeanEYE@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I did a different thing. I ordered a separate certificate, gave it to my assistant who handles tax things with my accountant, but am the only one with password. They don’t really remember or write down password because it gives them fewer things to worry about and we have sufficient security this way.