This article isn’t completely genuine. And it is important to understand that.
eIDAS came into effect in 2016 and was around the oversight of online identification. This PROPOSED change is around allowing the EU to impersonate anyone getting a CA that is valid in the EU.
Now this is concerning but will never pass. Your bank needs to be assured that their CA can only be validated by them. Your insurance agency, your ecommerce sites…
It won’t work, it breaks network trust by definition.
As soon as they try to push this through, banks, insurance and tech companies will push back and this will die.
Banks don’t want the security model to be undermined because it will have a massive impact on the escrow services which underpin the digital economy.
If the CA owner can be impersonated then your bank can be impersonated, your online vendor can be impersonated and your e-commerce is dead.
Considering that this has been in the works for a yeartwo years already and there haven’t been any reports of banks and insurance agencies objecting, your version of “it can’t happen here” seems less than fully convincing.
The fact it has been in the works for two years and not passed tells me that the powers that be are working to stop it in the background.
I could be wrong, we will have to wait and see. But this is not the first or last time I have seen governments try to break authentication without success.
I can only hope that this is what is going to happen. It’s a stupid idea and I have no clue why noone things about the consequences and evaluates if it’s for the better or worse…
Agreed. PwC, big banks and the internet as a whole would stand against such policy, giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited
This article isn’t completely genuine. And it is important to understand that.
eIDAS came into effect in 2016 and was around the oversight of online identification. This PROPOSED change is around allowing the EU to impersonate anyone getting a CA that is valid in the EU.
Now this is concerning but will never pass. Your bank needs to be assured that their CA can only be validated by them. Your insurance agency, your ecommerce sites…
It won’t work, it breaks network trust by definition.
As soon as they try to push this through, banks, insurance and tech companies will push back and this will die.
Banks don’t want the security model to be undermined because it will have a massive impact on the escrow services which underpin the digital economy.
If the CA owner can be impersonated then your bank can be impersonated, your online vendor can be impersonated and your e-commerce is dead.
Dumb idea and won’t happen.
Considering that this has been in the works for
a yeartwo years already and there haven’t been any reports of banks and insurance agencies objecting, your version of “it can’t happen here” seems less than fully convincing.The fact it has been in the works for two years and not passed tells me that the powers that be are working to stop it in the background.
I could be wrong, we will have to wait and see. But this is not the first or last time I have seen governments try to break authentication without success.
Mozilla says that it’s fairly close to passing though: https://last-chance-for-eidas.org/
Well I’ll eat my words if this passes. But I don’t see it happening.
I hope you’re right!
I can only hope that this is what is going to happen. It’s a stupid idea and I have no clue why noone things about the consequences and evaluates if it’s for the better or worse…
Agreed. PwC, big banks and the internet as a whole would stand against such policy, giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited