The European Union continues on its path to eIDAS 2.0, which includes the controversial Article 45 that basically tells browsers which certification authorities (CAs) to trust. eIDAS, which stands for electronic identification and trust services, is a framework aimed at regulating electronic transactions. As part of this proposal, the EU wants to support embedding identities in website certificates. In essence, the goal is to bring back Extended Validation (EV) certificates.
Browsers—of course—don’t want that, but the real problem is the fact that, with the legal text as it is at the moment, in its near-final form, the EU gets the final say in which CAs are trusted. The global security community has been fighting against Article 45 for more than two years now; we wrote about it on a couple of occasions. As of November 2023, the European Council and Parliament have reached a provisional agreement. The next step is for the law to be put to the vote, which is usually a formality.
You nailed it. Sadly so. I weep for the future of the net. It's been going downhill for many many years now
Let’s make our own internet. With blackjack and hookers, and E2EE and no ads and no data harvesting.
Unexpected futurama-reference :-)