• TheLurker@lemmy.world
    link
    fedilink
    English
    arrow-up
    81
    arrow-down
    2
    ·
    1 year ago

    This article isn’t completely genuine. And it is important to understand that.

    eIDAS came into effect in 2016 and was around the oversight of online identification. This PROPOSED change is around allowing the EU to impersonate anyone getting a CA that is valid in the EU.

    Now this is concerning but will never pass. Your bank needs to be assured that their CA can only be validated by them. Your insurance agency, your ecommerce sites…

    It won’t work, it breaks network trust by definition.

    As soon as they try to push this through, banks, insurance and tech companies will push back and this will die.

    Banks don’t want the security model to be undermined because it will have a massive impact on the escrow services which underpin the digital economy.

    If the CA owner can be impersonated then your bank can be impersonated, your online vendor can be impersonated and your e-commerce is dead.

    Dumb idea and won’t happen.

    • kbal@fedia.io
      link
      fedilink
      arrow-up
      20
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Considering that this has been in the works for a year two years already and there haven’t been any reports of banks and insurance agencies objecting, your version of “it can’t happen here” seems less than fully convincing.

      • TheLurker@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        1 year ago

        The fact it has been in the works for two years and not passed tells me that the powers that be are working to stop it in the background.

        I could be wrong, we will have to wait and see. But this is not the first or last time I have seen governments try to break authentication without success.

    • Mixel@feddit.de
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      I can only hope that this is what is going to happen. It’s a stupid idea and I have no clue why noone things about the consequences and evaluates if it’s for the better or worse…

    • cannache@slrpnk.net
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Agreed. PwC, big banks and the internet as a whole would stand against such policy, giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited