Comment on EU Article 45 requires that browsers trust certificate authorities appointed by governments

<- View Parent
topperharlie@lemmy.world ⁨11⁩ ⁨months⁩ ago

you seem to know what you are talking about and I looked into this very long ago, maybe you can help me understand.

From what I can understand reading most of the article this forces browsers to accept the certificates, but it doesn’t force the websites to use them, right?

So what is stopping Firefox from showing a warning (like the lock icon being orange, but it could also be a more intrusive message) stating that the certificate was issued by a country and/or doesn’t fullfil modern security standards in case one of these CAs is used?

On top of that, the CA doesn’t really encrypt the private key of the domain, it just adds a signature stating that the message with the salt and the public key are legit, right? everyone seems to think the government itself will be able to passively see the traffic, but if I remember correctly they would have to gateway the whole transaction (I’m guessing the browser will also have a cache of keys and this could become a bit tricky to do in a global way)

But of course we all know how technologically illiterate governments are (there could be one good, but there will be some “less good” for sure). So yeah, it does sound like a horrible idea to begin with. Because if a CA starts being insecure nowadays browsers can just remove them and go with their life, but if there is a law forcing browsers wouldn’t be able to.

I’m just curious about the specifics in case I’m outdated on what I remember.

source
Sort:hotnewtop