by asdffdasasdf 941 days ago
> We were concerned about the phrasing of Article 45, that lays down a requirement for browsers to recognize any certificate ...

So same as today but with fewer steps?

Most govs are already in your browser/OS CA list. And every single government forces you to download their own cert and add it to your browser at some point. There's no way to add that cert and say "limit this to gov.in only"! After you've added that cert it is game over.

e.g. https://pki.treas.gov/crl_certs.htm https://www.bit.admin.ch/bit/en/home/themes/swiss-government... plus all the gov CAs already in your browser (looking at the Firefox source, they include Guangdong, Taiwan, Hong Kong, the Netherlands and Greece). iOS 16 contains Spain, Belgium, something called "Government Root Certification Authority 00 B6 4B 88 07 E2 23 EE C8 5C 12 AD A6 0E 06 A1 F2" :shrug:, Greece, HK, the Netherlands, Switzerland.


Currently the default trust list in your browser is solely decided by your browser. More specifically there's an organization called the CA/Browser Forum where all the browser vendors are. If you want to become a CA today, you go to the Forum, submit your proposal, and then the browser vendors decide whether or not you're trustworthy. If a CA misissues certificates or otherwise screws up security, that evidence goes to the Forum and then browsers decide how to deal with that CA. Notably, in the worst case scenario, the browser developers can and have decided to completely distrust an entire CA, completely destroying their business. This has happened multiple times.

eIDAS changes this by, effectively, creating a special EU government analogue to the CA/Browser Forum. All browser developers in the EU have to trust eIDAS's CAs. This is a transfer of power from a voluntary industry consortium to appointed EU technocrats.

All those existing government CAs are currently audited by CA/B. If Greece gets caught misissuing certificates they can have their CA roots revoked by the browser vendors. The concern is that under eIDAS, the EU could just not revoke the certificate, and the browser vendors' hands would be tied. They'd be forced to accept known bad CAs and every cert they sign, including the spyware ones.

> eIDAS changes this by, effectively, creating a special EU government analogue to the CA/Browser Forum. All browser developers in the EU have to trust eIDAS's CAs. This is a transfer of power from a voluntary industry consortium to appointed EU technocrats.

The flipside is that while it may be a "voluntary consortium", all major browsers are developed by entities based in the US, that are therefore subject to National Security Letters etc. (and, more insidiously, US social pressure). When the next Snowden-style revelation comes out, what's to stop the US security apparatus from blocking sites associated with it? So yeah, I see more upside than downside in my browser having at least some accountability to the EU.

> All those existing government CAs are currently audited by CA/B. If Greece gets caught misissuing certificates they can have their CA roots revoked by the browser vendors. The concern is that under eIDAS, the EU could just not revoke the certificate, and the browser vendors' hands would be tied. They'd be forced to accept known bad CAs and every cert they sign, including the spyware ones.

I mean sure, you have to accept the government of Greece's certificate because they're the legitimate authority, just like you can't refuse to accept a Greek passport because you think it looks dodgy or you've never heard of Greece. If their government is issuing bad certificates, normal government accountability mechanisms apply, just like with countries that are known to sell citizenships to the wealthy. Again that seems right and proper.

> all major browsers are developed by entities based in the US, that are therefore subject to National Security Letters

Those browsers are Open Source. (Well, Firefox is, and Chrome's core is even though Chrome isn't). If they tried to ship a MITM-enabling mechanism it'd be obvious.

> I mean sure, you have to accept the government of Greece's certificate because they're the legitimate authority

They're not the authority for arbitrary domains on the Internet, no. Only domains that have requested a certificate through that CA. This is what Certificate Transparency is for. If a Certificate Transparency log shows a CA (governmental or otherwise) issuing a certificate for somecompany.example, and the entity controlling somecompany.example didn't request that certificate, that CA has some explaining to do, and if the answer isn't "here's exactly what happened and how we'll make sure it can never happen again", the likely outcome is that browsers will stop trusting that CA.

The point of CT is that you can't silently issue MITM certificates without permanently burning an entire CA to do it.

> If they tried to ship a MITM-enabling mechanism it'd be obvious.

A straight up blocklist wouldn't be though. Just treat it like a CRL entry or something.

> They're not the authority for arbitrary domains on the Internet, no.

Agreed. But they're the authority for Greek domains. If anything, it's letting some other entity issue certificates for those that's strange.

EU governments will be even more subject to pressure from the US. I don't understand how anyone could doubt they will comply with every request from the US government.

The difference is that the current decision makers only have power because other people trust them voluntarily. That makes them accountable, and it means a whistleblower can do much more to limit the damage by leaking the fact they are giving in to US pressure.

A government can impose its will by force, so it is much less accountable and doesn't have to worry about the consequences of its decisions nearly as much. There is nothing I can realistically do if I object to a decision by a government unless I'm a large political donor because governments don't need my consent to operate.

> the current decision makers only have power because other people trust them voluntarily.

Not really. Plenty of EU citizens don't trust Microsoft, Google or Apple. But there's no practical alternative. The government of an individual EU country has a lot more accountability than that.

They can install an open-source OS/browser and ignore Microsoft, Google, and Apple. There is nothing they can realistically do when they don't trust a government.

Governments ultimately derive their power from their ability to impose their will by violence. That makes them inherently less accountable than organizations that you are free to ignore.

Someone who doesn't trust a government can move countries, particularly in the EU. I'd argue that it's actually easier to avoid a given EU government than to use an OS/browser combination that's not controlled by US entities.

> This is a transfer of power from a voluntary industry consortium to appointed EU technocrats

Or a transfer of power from US-centric companies to actual sovereign bodies. I don't want to live in a cyberpunk world. This sounds good to me. Note that browsers are still allowed to remove them if they are compromised.

> Or a transfer of power from US-centric companies to actual sovereign bodies.

Why are you characterizing the CA/Browser Forum as US-centric companies? It's a collection of certificate issuers from all over and notably includes the European Accredited Conformity Assessment Bodies' Council and the European Telecommunications Standards Institute.

The thing is that you can currently choose which org to give that power, and at least so far, those orgs have acted in line with wanting you to choose them (i.e. on your behalf).

Can you though? The loose consensus model means there's little accountability and no practical way to opt out of listening to a particular entity that you don't trust. There are tales of essentially "someone with an @google.com email" being able to tell a CA to stop issuing certificates to particular undesirables, and the CA complying.

You can, to a limited extent. If e.g. Google were to start censoring news.ycombinator.com by blocklisting its CAs, I could switch browsers to view it anyway. (Or vice versa, if there's a big security issue and one browser (who still trusts the relevant CAs) was vulnerable and another one was not, I might then consider switching browsers.)

> If e.g. Google were to start censoring news.ycombinator.com by blocklisting its CAs, I could switch browsers to view it anyway.

You could if it got to that point, but the CA would almost certainly "voluntarily" stop issuing certificates to news.ycombinator.com rather than face the risk of being blocklisted, and there's no way for you to opt out of that.

It's pretty much an open forum; you can go and read discussions where they've removed CAs. It's more oriented around the individuals than the companies.

A reasonable concern here is that power is transferred from subject matter experts to technocrats with a poor track record of making technical decisions. Some recent examples of EU tech debacles include Quaero, Galileo, Gaia-X, Ariane 6.

On the other hand, the technocrats are beholden to actual elected officials, instead of the current situation where a group of random people selected by private companies coordinate their work by consensus without much formal structure and the members are beholden to nobody but their company boss.

Rule by consensus is basically democracy by whoever is motivated enough to show up. It seems to have an extremely good track record, especially compared with rule by central bureaucracy.

The exception is if the consensus is only among a small handful of large corporations that lack competition and then become the unaccountable technocrats. But in that case what you want from governments is not to take over as the malevolent bureaucracy, it's antitrust enforcement.

And those elected officials are beholden to the highest bidder. In the current system, the people who make CA decisions acquired that power voluntarily and seem to have acted benevolently in the past; that's way more than you can say about government officials.

The current voluntary system is also very open, and anyone can get involved and participate to a much larger extent than people realistically can in an electoral democracy. To me, the voluntary system seems to be better and safer for everyone who doesn't have a very large amount of money to throw at elections.

What's your concern with Galileo? Many experts consider it to be the best GNSS currently available:[1]

> The US constellation isn’t as accurate as the newer networks, said Roberts, the Sydney-based professor. “It used to be GPS was out in front,” he said. Now, though, the EU’s Galileo is in the lead, with China’s BeiDou close behind, he said.

[1] https://www.bloomberg.com/news/articles/2023-09-20/russia-s-...

Thanks for backing up your point with a link. I agree that Galileo is more accurate than the much older GPS system. On the other hand, the GPS system became fully operational in 1995 as far as I understand, and the Galileo system is yet to be fully operational almost a decade after the original target date.

And big EU tech successes like GDPR, DMA and many others. What's your point?

This is about identity regulation, not random rockets.

I certainly wouldn't call those successes.

I would far rather have things decided by US-centric companies than even somewhat influenced by France and Germany. At least the former have comprehensible motivations.

Browsers are allowed to ask permission to remove them if they are compromised.

They still have to receive that permission before they can do it.

I believe it is well understood by now that users tend to ignore security warnings; anyone serious about computer security will not accept this as a solution. We don't even apply security-critical patches reliably.

Lately I've found browsers no longer let me click past SSL errors (at least, not without digging deep through the settings panel first).

Sovereign-my-ass when they can issue any cert and MITM anything without any recourse.

> And every single government force you to download their own cert

Is that true though? I’ve immigrated quite a bunch (western world only) and never had to download a certificate when interacting with the government.

They used to. Now most governments just have their own "proper" CAs which are included by default in web browsers. If you look at the default CA list of Firefox or Chrome you will see most of them are public agencies.

I think Certificate Transparency checks mean you should be able to tell if the certificate was fraudulently issued for a domain that is not with the CA. (This circumvents that.)

In your scenario, if the domain's CA is the government CA anyway, then it's fair game. Most domains' CA will be Cloudflare or whatever, not the government CA.

Here's one example, the Brazil IRS: https://www.receita.gov.br/

Good luck finding the cert if you didn't download your Firefox in Brazilian Portuguese or didn't register your Apple device in Brazil. I mean, it is not difficult to find the cert, but it is a pain for travelers.

The problem seems to be "wrong domain", not "CA not recognized". You sure you have the right URL?

I'm on mobile. Probably got the wrong URL. Only have bookmarks for the CA certs: https://www.gov.br/iti/pt-br/assuntos/repositorio/repositori...

But what do you need these certs for, is there a national website that gets an "insecure" warning if you visit it with a foreign version of Firefox?

Yeah, the tax preparation website and others.

The game is not over just because you trust a CA. If they sign a certificate for a domain, they have to also publish that they did (in the CT logs) before browsers will accept it. If they do so for an entity that didn't ask for it, that will be investigated by browser and OS vendors and it may easily end up with the CA becoming untrusted.

Well this is it, they will no longer become untrusted. They can, however, ask to have the offending certificate revoked if they have proof it's bad and once they have permission from the authorities (they kind of have to grant the permission if there's evidence, but it will be on the authorities' timeline).

AFAIK there is no requirement for CT in this regulation, and it prevents browsers from requiring it to accept the certificates.

I filed the obvious bug against Firefox ten years ago :(

https://bugzilla.mozilla.org/show_bug.cgi?id=953322

Do browsers check the CAA records for a domain if they exist? Seems like that would solve the issue.

No, and the standard (RFC 6844) says they must not. That's because, in the eyes of the standard, a CAA record is applicable at time of issuance, but a valid certificate could have been previously issued (and still be valid), even though you've moved to a new CAA record for your next certificate.

"Relying Applications MUST NOT use CAA records as part of certificate validation."

For what you're looking for, DANE (RFC 6698) would be more useful and enable the browser to check the presented certificate against DNS (so effectively CAA on the client).
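The client-side check this comment describes, written out as an added example (not code from the thread or from any browser): a Go implementation of RFC 6698 TLSA matching for a usage-3 (DANE-EE) record, exercised against throwaway self-signed certificates the block generates as constructed input. The hostname reuses somecompany.example from the thread; the function names are assumptions, and the record is built in code rather than fetched from DNS.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// TLSA is one DANE record (RFC 6698 section 2.1): usage, selector, matching type, association data.
type TLSA struct{ Usage, Selector, MatchingType uint8; Data []byte }

// AssociationData derives the record data for cert: selector 0 = full DER certificate, 1 = SubjectPublicKeyInfo; matching type 0 = exact bytes, 1 = SHA-256.
func AssociationData(cert *x509.Certificate, selector, matching uint8) []byte {
	sel := map[uint8][]byte{0: cert.Raw, 1: cert.RawSubjectPublicKeyInfo}[selector]
	if sel == nil || matching > 1 { // unknown selector, or matching type 2 (SHA-512), which this example leaves out
		return nil
	}
	if matching == 1 {
		h := sha256.Sum256(sel)
		sel = h[:]
	}
	return sel
}

// Matches reports whether a presented leaf certificate satisfies rec. Only usage 3 (DANE-EE) is
// handled: it pins the leaf itself, so a cert for the same name from any other issuer fails.
func Matches(rec TLSA, cert *x509.Certificate) bool {
	got := AssociationData(cert, rec.Selector, rec.MatchingType)
	return rec.Usage == 3 && got != nil && string(got) == string(rec.Data)
}

func must[T any](v T, err error) T { // failing to build a throwaway cert is fatal for the demo
	if err != nil {
		panic(err)
	}
	return v
}

// NewSelfSigned makes a throwaway certificate for the demo (constructed, not any real site's).
func NewSelfSigned(name string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
}

func main() {
	legit, rogue := NewSelfSigned("somecompany.example"), NewSelfSigned("somecompany.example") // same name, different keys
	rec := TLSA{Usage: 3, Selector: 1, MatchingType: 1, Data: AssociationData(legit, 1, 1)} // what the owner would publish
	fmt.Println(Matches(rec, legit), Matches(rec, rogue)) // true false: the second cert is rejected whoever signed it
}
```

The record would need to come from DNSSEC-validated DNS for this check to mean anything, since a plain DNS answer can be altered by whoever controls the resolver path.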

As far as I know, they do not.

Even if they did, it doesn't really address the problem. In order to mount an effective impersonation attack, the attacker needs to either control the network or the DNS. In either case, they will generally be able to remove or change the CAA record; remember that DNSSEC deployment is comparatively rare and browsers do not verify DNSSEC in any case.

In my own country, for digital signature purposes, the official Windows installer provided by the government adds the country's Central Bank's CA for any purposes, even for software signatures. If you have a company, they also force you to use their own application for making some annual declarations. That software asks for your OS user password using a home-brew dialog so that it can update itself. If you don't provide the password then it blocks and you can't make the obligatory declaration. If you don't send said declaration, you are liable for big fines...

I'm curious what country this is, if you're willing to share.

I’m surprised any business filing is using a desktop app rather than on the web these days.

Costa Rica. And before you can download some of the installers, they ask for your unique digital signature card number.

> I'm surprised any business filing is using a desktop app rather than on the web these days.

It's a complete nightmare. If you want to use some other digital services you are restricted to specific browser versions, some only allow you to use Windows, and in some cases the unsigned installer is only available via HTTP.

Well that's dystopian.

The same central bank is asking banks (and other entities) for unanonymized information about Costa Ricans, including bank deposits, to publish an "information package" indexed by geographical location. This is under the pretext of being required by the IMF. I found it curious that nobody in the legislative commission (akin to a "congressional hearing") tasked with looking into the matter has mentioned the importance of differential privacy.

Sounds like the perfect candidate to run in a VM.

As far as I know my country doesn't force me to download any certificate, and Firefox doesn't have a cert issued by my government.

I'm curious though what CA your country uses for governmental services. Historically a lot of EU countries used some less than stellar CAs.

My local government is using GlobalSign and the Tax Agency (and probably all of the central government) uses Entrust.

Nonetheless, your government can force your ISP to do so many things.

Yeah, and send somebody to my house to shoot me in the head. But none of that is happening.

Without a valid certificate, any ISP MITM attacks would be obvious.