516
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...

you are viewing a single comment's thread
view the rest of the comments
[-] CrabLangEnjoyer@lemmy.world 10 points 1 year ago

The government CA could just issue a new certificate for let's say Google, force your ISP to return a wrong IP when you ask your ISPs dns server what the address of Google is and then return a fake Google page instead or forward traffic to Google on your behalf and read all data. And since your browser trusts the new fake Google certificate from the government you won't get any https error or warning.

this post was submitted on 10 Nov 2023
516 points (98.9% liked)

Technology

60108 readers
2179 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS