if the EU passes eIDAS 2.0 (article 45), we will be rolling back the clock to Netscape Navigator Export Edition, a reference that approximately 1% of my audience will understand.

https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years

Article 45 Will Roll Back Web Security by 12 Years

The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...

Electronic Frontier Foundation
@april I'm guessing this is something people can work around with a VPN? Still, very strange.
@markstoneman not sure what the final outcome would be, but I wouldn't be surprised to see an "EU browser" that allows these government CAs, and a non-EU version, that blocks them.
@april I hate the fact that this might be happening, but I hate it almost as much that I understood that reference.
@april Oh the lovely sound of dial up 😅
@april At last, I am the 1%!
@april Good thing I kept that old 56K dial-up modem - you never know what the EU will do for their next trick

@april I get it!

Somewhere I still even have the munition sweatshirt!

@april
This campaign is mostly a petty squabble between the EU and Google, with Mozilla acting as the relay, over stakes that are not very clear (the SSL certificate market? Google's attacks on CAs?).
Protecting citizens and freedoms really has nothing to do with it🤔
@apyth
@april @ShadowJonathan And my guess is that this is one piece of EU legislation that Brexit Britain will mimic enthusiastically (rather than our usual petty contrarianism over things like USB-C)
@april more than 40 bits is just *greedy*
@april One thing I'm not very clear on is what's supposed to be the enforcement mechanism. Regulation says browsers shall, but what if they don't?

@april

The outcry about #eIDAS is highly manipulative and very much resembles the infamous #ACTA2 campaign, where a number of US-based companies unrolled a fake “grassroots protest” against an EU regulation that was hurting their business but protected rights of EU citizens. Many people have fallen for it, so I will explain what’s wrong with this claim:

full text here: https://agora.echelon.pl/notice/AbOiM4RCpo4HpQzYzQ

@kravietz thank you for linking that thread, I was worried there actually is some nuance to this but since your argument seems to be "it's a good idea to give all EU countries full and irrevocable MITM rights on all TLS traffic because abuse of power has never happened and is impossible in EU, also eID good and this is somehow related to the topic", I clearly have nothing to worry about. #eIDas
@virtulis

Would you characterize WebTrust as "full and irrevocable MITM right on all TLS traffic granted to a cartel of US companies with a history of privacy violations"? 🤔
@kravietz it has been clearly and repeatedly demonstrated to be auditable and revocable, so no. https://sslmate.com/resources/certificate_authority_failures
Timeline of Certificate Authority Failures - SSLMate

@april Can we just publish the source code in a book and send it out via mail? That's how PGP "international" edition was distributed back in the day.