Note: Since for more than a year I’ve been reading about the downsides of the eIDAS legislation. Their sources where mostly DOT.com US entities. The same stuff happened when the EU implemented the new GDPR and now similar things happen with the. upcoming eIDAS 2.0 and the the upcoming AI law. Here I outline the EU position to clarify the situation. This isn’t news, but Since the anti e-IEDAS campaign keeps pushing the agenda it’s still relevant imo.
"The discussion on the eIDAS Regulation has entered its most important phase in the European Parliament and Council. Mozilla has recently launched a campaign in the form of a website aimed at political decision-makers, but also the general public.
“As with the Google response, you are taking a very US-centric approach to lobbying that is only going to reduce the chance of influencing the outcome. EU politics are not the same as US politics.”
Here( link ESD Experts support decision trilogue; answer to mozilla the overview fact sheet.
Edit 1 & 2: Sorry, no ill intent. It seems something went wrong while shortening & copying this link title:" ESD Experts Support Trilogue Compromise and Emphasize Necessity for Highest Security of the Internet
ESD is a European lobby group consisting of the CEOs of Europe’s leading trust service providers.
Can I have an ELi5?
Some people want to legally compel your web browser to trust ssl cert authorities blessed by national governments, even if they become untrustworthy.
Actually, it seems that eIDAS 2.0 won’t do that for webbrowsers, as I recently learned from EU comments on that issue.
But you prefer that a commercial US company issues them likeDigiCert ?
The Register has also covered it recently and specifically talks about the “2.0” version.
Also the Register literally quotes mozilla " As Firefox maker Mozilla put it:
This enables the government of any EU member state to issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state. There is no independent check or balance on the decisions made by member states with respect to the keys they authorize and the use they put them to."
Why are you using US sites for EU legislation? Here the current state of affairs. Its an ongoing process.
Revision of the eIDAS Regulation – European Digital Identity (EUid)*
The Reg is not a USA-based publication. There are an abundance of non-Mozilla sources on this topic, some of which it links to. Mozilla is not some sinister conspiracy. I don’t know what motivates your crusade against them. Possibly the same kind of disinformation that some of the more optimistic eIDAS proponents hope it can somehow prevent.
I am not. I just wonder why, mozilla seems to be the major source of most publications against the eIDAS.
I thought my intro was fairly nuanced and contextual. I was looking for other and new viewpoints towards the eIDAS discussion, which are not using or quoting mozilla and art 45. Or sources with a different opinion or take on the matter.
Never said it was. I like privacy that’s why I’m concerned and interested.
But the ESD experts did say it was misinformation, and like they claim mozilla is being payed by Google according to wiki and pc magazine
But apperantly you trust mozilla more though they just follow a business model. So maybe its all about trust. I will remain critical and see how it develops.
Browsers aren’t mandated by law to include DigiCert root CA. If they pull sketchy shit they’ll get grilled faster than you can say “self-signed certificate”: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/heXVr8o83Ys
edit: ah, I just read the whole mailing list thread, I see the argument now
A law that allows government to force browser makers to bake in Spyware and spoof shit. Very very fucked up.