|
|
|
|
|
|
by galadran
952 days ago
|
|
|
EU Commission FAQ (emphasis mine): Recognition means that web browsers are required to ensure support and interoperability for the QWAC for the sole purpose of displaying identity data in a user-friendly manner. *Recognition of QWACs implies that browsers shouldn't question the origin, integrity or data in the certificate*. However, the requirement to recognise QWACs does not affect browser security policies and leaves web browsers free to preserve their own procedures and criteria for encryption and authentication of *other certificates*. https://ec.europa.eu/commission/presscorner/detail/en/QANDA_... |
|
|
Apart from checking the certificate chain and revocation lists, isn't that what browsers do?