The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...
  • ReversalHatchery@beehaw.org
    1·
    1 year ago

    The plan was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.

    Oh, yes, sorry, I had a brainfart. Certs don’t usually (or at all?) have more than one root cert.

    A CA is not expected to prevent me from hosting rootkits. Doesn’t matter if my domain is rootkits-are.us or totallylegitandsafe.net. It’s their job to make sure I own those domains. Nothing more. For a DV cert at least.

    I thought that was the goal. Not to make sure that the website is secure, but that the connection is secure, and that I’ve connected to the server that I expected.