The Council of the European Union this week adopted new language for regulations governing internet systems that may put the security of your browser at greater risk.
The new language affects the EU’s electronic identification, authentication and trust services (eIDAS) rules, which are supposed to enable secure online transactions across countries in the EU. It contained a range of updates that raised privacy concerns for EU citizens about the European Digital Identity Wallet, a government app for storing personal information like drivers’ licenses and bank cards and making electronic payments via smartphones.
But some of the updates also impact web security that could expand beyond the EU, as other governments could choose to follow the EU’s example and adopt similarly flawed frameworks.
In a nutshell, the EU is mandating that browsers accept EU member state-issued Certificate Authorities (CAs) and not remove them even if they are unsafe. If you think this sounds bad, you’re right. Multiple times, EFF, along with other security experts and researchers, urged EU government regulators to reconsider the amended language that fails to provide a way for browsers to act on security incidents. There were several committees that supported amending the language, b
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: