Hacker News new | ask | show | jobs
by chuckee 1676 days ago
> In a nutshell, the revised Article 45 would force browsers to suspend the ‘root store’ policies that are essential for maintaining trust and security online. [..] At the same time, the types of website certificates that browsers would be forced to accept, namely QWACs

Can someone explain where this 'force' comes from? I wasn't aware the EU had such authority to decide how programs on a users private computer must behave. Would e.g. making a fork of Firefox that does not comply with this digital identity framework be illegal? Or is this just hyperbole from Mozilla, and the browser would be merely non-compliant?
4 comments
Mindwipe 1676 days ago
> I wasn't aware the EU had such authority to decide how programs on a users private computer must behave.

Why not? They publish directives that result in criminal law in member states all the time.

A directive is published, member states are obligated to turn that into domestic legislation, and yes, ultimately a state can criminalise lots of things if it wants to.

link
chuckee 1676 days ago
> such authority

Key word "such". Prescribing which certificates I am obligated to trust is many many steps beyond e.g. banning DRM circumvention (which is itself a step too far IMO).

link
Jensson 1676 days ago
Likely it only applies to software you ship to users in EU, not software you use yourself even if you are in EU.
link
keddad 1676 days ago
Well, the original document states that "Web-browsers shall ensure support and interoperability with qualified certificates for website authentication referred to in paragraph 1...". I'm not sure, however, what punishment, if any, is there for the browsers that don't comply with that regulation.
link
raxxorrax 1675 days ago
Not the browsers will be reprimanded. That would be webservices like Youtube that only allows browsers providing a certified ID to let users look at the more controversial cat pictures. It is an extremely transparent power grab.
link
Jensson 1676 days ago
> Would e.g. making a fork of Firefox that does not comply with this digital identity framework be illegal?

No, this only applies to medium to large companies shipping browsers and they only have to follow it after operating for 5 years. If you fork a browser and edit it then that is working as intended, and if you fork it and distribute binaries that is also ok since you aren't a medium big company. Possibly the company label refers to CA or site, but the 5 year window gives you plenty of time to refork every 5 years in the worst case, and this only apply if you operate as a browser provider so you can use it yourself forever.

"Web-browsers shall ensure support and interoperability with qualified certificates for website authentication referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web-browsing services"

link
thrower123 1676 days ago
The EU has exactly as much authority as we believe it to have, and as much as the member states are willing to enforce.

Those of us not within their bounds could just decide not to comply with their nonsense, and there isn't a great deal that they could actually do about it.

Instead we're letting Europe pull a California, to the detriment of the entire internet.

link