by TheFuzzball
964 days ago
> The proposed eIDAS revision gives Member States the possibility of inserting root certificates at will [..] That should've been a clear problem when architecting this system for anyone that knows how PKI works. Control and transparency around CAs (especially roots) is extremely important for web security. Did they not consider issuing citizens with WebAuthn certificates, or working with browser vendors to support using client certificates (since they'd only need to be trusted by the server, not the client)? I am confused.
The funny thing is that several European governments have actually operated certificate authorities of their own, and they worked just fine.
It's so stupid, because the rest of the eIDAS is a pretty good idea.
From what I can tell, this stupid addendum is the result of the certificate authority industry, which was mad that nobody trusts EV certificates anymore (because they never added the security they promised in the first place).