- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…
Seems great, if they achieve the same security standards as a private company I don’t see why we cannot have public CAs.
And how long will it take for intelligence agencies to start issuing fake but trusted certificates for surveillance?
They don’t already?
They do.
They already do it.
Yes, private companies are invulnerable to this ploy