|
|
|
|
|
|
by supriyo-biswas
963 days ago
|
|
|
> Browsers already had their own standard that they think is better than eIDAS Unlike the Browser/CA forum
rules which are security focused, EIDAS comes from a government mandate first and foremost, so the concern isn’t entirely subjective as you suggest. > "and browsers should also do this" instead of there being some conspiracy behind it The law isn’t RFC 2119 where there is a distinction between SHOULD and MUST: the law is all about what an entity MUST do, so bringing up “should” in this context isn’t helping the point you’re typing to make. |
|
|
> Unlike the Browser/CA forum rules which are security focused, EIDAS comes from a government mandate first and foremost, so the concern isn’t entirely subjective as you suggest.
I didn't say this was subjective. My argument was that it is easy to see why EU would do this without having surveillance in mind. They just wanted all certificates to follow the same standard, the main part of these standards were document signing and they thought web sites are documents so we add them as well to the standard.
> so bringing up “should” in this context isn’t helping the point you’re typing to make.
I didn't make a distinction between should and must there, that wasn't my point at all. What was hard to understand there? This bill is first and foremost about document signing, and then they added a clause that it also applies to browsers. That is the main part of my argument.
A bill that first and foremost targets document signing doesn't seem like it was obviously made to add spying on browsers, if that is what they wanted they would have labeled it "web protection bill" or something like they did with the chat one, they aren't afraid of saying it is about spying when that is what they want.