Last Chance to fix eIDAS: Secret EU law threatens Internet security

eIDAS exists since there are many conflicting standards for electronic certificates. eIDAS is an effort to unify those standards. Maybe the clause where they say browsers has to add specific CA's is for spying, but eIDAS in general isn't to help spying its just there to help unify all the different electronic certificate services in EU.

For example banking, signing official documents like grades from school etc, all of those usecases are a part of eIDAS. That is the core of the standard and there you really want to see all the certificate information to be sure it is the right origin, since unlike browsers there is no list of trusted CAs, you just see that some organization accepted it.

Edit: Browsers already had their own standard that they think is better than eIDAS, so they don't want this to apply to them. But Occam's razor says that EU just added "and browsers should also do this" instead of there being some conspiracy behind it, it was simple to just add everything instead of leaving just browsers out.

A proper solution for MitM is mandatory independent certificate transparency, not outright denial of national CAs support in browsers. A German National CA should not be able to issue certificates for .ru in the first place and having a clear record of misbehavior in CT is probably not something operators of such CA would like to have even when pressured by intelligence agencies.

Browsers should get their shit together and add proper support of domain-limited CAs and add optional whitelisting of CAs for given websites.

But it doesn't enable covert surveillance. Even without Certificate Transparency, the change in server certificate is visible to the client. Initiatives like Let's Encrypt could make it visible to server operators, too. The browser UI will present those new qualified certificates and existing certificates differently anyway, so I'm not sure if this is going to work.

The bigger issue is that for this in order to work at all, the regulation must have provisions for issuing fake assertions of existing identities to law enforcement and other security services. The predecessor didn't seem to have that. This is different from providing fake identification documents for undercover operations because as far as I understand it, those use are usually mostly made-up and do not impersonate another person.

We would have to read the actual text of the proposed regulation to know the details, but both sides (legislators and those fueling the outrage machine) do not really want us to form our own opinion and hide the draft text from us.

Also, this:

> and will be presented to the public and parliament for a rubber stamp before the end of the year

That's not how the EU parliament works, they're not just a rubber stamp. The topic is sufficiently grave without the need for clickbait and painfully obvious exaggerations.

"Agreed behind closed doors" would probably be better than "Secret Law" but I guess its a question of brevity.

They’ve had entire programs around trying to get the public engaged in this topic.

I’ve watched many of their YouTube presentations.. all with less than 100 views when I watched them, despite them being uploaded for some time.

Why can’t Mozilla publish the agreed-upon changes? Are the drafts currently classified? If so, I think it’s okay to bell ring.

> I wonder if this will tie into the BS that Google was trying to implement that would make it impossible to modify the webpage using adblocker

Very likely, yes. Also note that a similar client-side CSAM scanning feature was rolled out by Apple with a similar anticipation, and shortly after we saw the proposal of Chatcontrol and the like.

> So what happens to open source browsers?

See my other comment on the same thread[1].

[1] https://news.ycombinator.com/item?id=38110667

Yes, but:

1. Major browsers (Chrome, Safari, Edge) only accept certificates which are published in Certificate Transparency logs.

2. If a CA is discovered to have issued MitM certificates, they are swiftly distrusted by browsers.

So it's not really viable to use the existing CA system for MitM attacks.

The eIDAS proposal would:

1. Prevent browsers from distrusting CAs which are used in MitM attacks.

2. Ban mandatory checks (such as Certificate Transparency) on certificates unless the EU agrees to them.

That creates a system that is very viable for government MitM attacks.

It's not like Beijing CA can issue a rogue certifcate and suddenly a malicious actor would be able to decrypt all your internet traffic. You would have to connect to a service that uses those certificates in the first place.

An interesting experiment would be to log all certificates used by the sites you normally use, say for a month, and then look at the list for anything shady. I have no ideia if an extension exists that would allow such and experiment, but the resulting list would be much more useful.

> For example, CAs present in Firefox, that might give you pause: Beijing Certificate Authority, China Financial CA, Guang Dong CA

For someone living in the West, what are the consequences of deleting or distrusting those CAs?

I think this is a matter of assumption. For communication through mainland China, one should assume that all internet traffic is actively surveilled with probably way easier methods than CAs. On the other hand, this assumption is definitely not as true in the EU, nor do I think the Chinese government forces Firefox to trust CAs by law (talking about irony)….

The browser/CA forum’s requirement to log all issuances into the CT log takes care of this; the EU mandate hardly has such requirements while still mandating the inclusion of root certs. The approach of the browser/CA forum vs EIDAS cannot be equated for this reason.

You should read the letter, it's worse than that. It makes these gov CA's unrejectable, along with providing a means of tracking your activity. Essentially, it's like giving your least trusted eu country access to your browsing history and some of your decrypted traffic.

They could have reduced scope, but looking at effects perhaps that's not what they actual want.

> Not saying this is right or wrong, but maybe this helps understand why many people in the EU may not be so against this type of legislation.

I'm with you. I think most of the fuzz is about forcefully involving government into the CA infrastructure and the fact that this affects rest of the world.

As to the latter, I've always found it weird that by default all root stores contain hundreds of CAs from over the world. By default, anyone is assumed to trust large companies (Google, Amazon) equally as nation states (Staat der Nerderlanden) shady entities (Hongkong Post office). So it's not surprising to have everyone up in arms if the EU adds yet another chair to this table.

Wouldn't it make much more sense if users took more control and responsibility of the certs in their root store? Wouldn't it make more sense to restrict CAs to certain domains? I would be okay with a EU sanctioned CA if it could only assert authenticity of EU services, but not shops or whitehouse.gov. I've always felt that it would make much more sense if CAs were much more restricted to specific "trust use cases".

This isn't adding a few CAs s your browser trusts the tax website. This appears to be replacing all of them so the eu can see the contents of all traffic that is proxied in and out of the country. None of that seems likely to work for actual bad people.

The things that get me thinking are:

- for a CA that is business (or a non-profit), trust is their product, and if Let's Encrypt fails at it's job then clients can go elsewhere

- not sure but in EU I would assume they are going to install all member states' CA certificates into all browsers, so then EU member state government A can MITM a connection for a citizen of member state B

- even if a website has a certificate from any current provider, any EU government can still MITM a user without the company knowing

Also, as it's technically possible to combat the legislation then how much would it actually help, wouldn't any "criminal" pay attention to it too, e.g by using an appropriate browser?

No, there's no need for your browser to accept particular CAs

If some government sites want to use their CA that's one thing but what matters to identify you is the key stored in your ID card

That text is almost a year old. The recent trilogue negotiations added paragraph 45(2a) which is not public yet (hence the complaints about secrecy) but is alluded to in the open letter (https://eidas-open-letter.org):

> The proposed legislation also prevents the introduction of security checks when verifying the certificates used for encrypted web traffic in Art 45, (2a). As written, this language requires that the EU’s website certificates not be subjected to any mandatory requirements beyond those specified in ETSI standards.

This is awful, as it would forbid browsers from requiring Certificate Transparency, or banning a weak hash algorithm (like SHA-1), or requiring post-quantum keys unless the EU agrees to it.

What they should do is to create an EU CA and all countries to have subordinate CAs. Then you only have to have one CA added to the browser list that ca be added/removed at will or only added when interacting with the government and then removed from the browser.

For non-tech people I am pretty sure someone could write a program that does this automatically - like two buttons, one saying you need to access the government and another that says you don't want to access the government anymore.

Allow the eIDAS certificates, but limit them to the country code TLDs to match the jurisdiction of the certificate issuer.

While reading the site, I wondered what is this format?

₹ 3,41,00,000

This brought me to discover the Indian numbering system [1] , another brick on the "localization is hard" wall.

https://en.m.wikipedia.org/wiki/Indian_numbering_system

These are some of the requirements: "Ability to digitally sign documents in the browser using a crypto token" and "Support for Web3". What does that even mean? This is a serious, government-backed competition?

Re: Russia - SberBank, which is used by the vast majority of population, voluntarily switched to a new Russian government-controlled CA. This move aimed to coerse people to install this CA's cert under false premises and to let the state splice https if needs be. The goal was bloody obvious and it has never been about the "robustness" of infrastructure. They just want to take away people's Internet privacy.

The enforcement mechanism is to warn and then ban non-compliant. There are just too few playeds in the field here. It would take only two major browser development companies to make the world 99% compliant. And the rest is statistical error no matter how safe and secure they are.

Western security services are what we call secret police in other parts of the world. Its goal is to protect the local status quo. That's it, and thats why it can assert so much influence.

Probably not really. The EU itself (at the Brussels level) doesn't have much of an intelligence apparatus. One exists but it's small and weak compared to the likes of the NSA. The most capable was GCHQ but of course that's no longer a part of the EU.

The EU likes passing internet related legislation because of:

1. The politics of it. It involves the raw exercise of power over people who are easily bullied and that they don't like much, namely successful American companies. The EU loves passing extra-territorial laws and seeing people jump, it makes them feel like a big power bloc which is the whole aim of the EU project to begin with.

2. The revenue from it. Tech companies either fight or they try to obey, but the laws are vague and easily reinterpreted. This yields massive fines which go straight into the EU coffers, money which is then spent on purchasing loyalty both of the elected political elites (via post-election-loss sinecures and enormous "pensions" that start being paid out long before retirement), and the population itself (via EU branded projects and grants).

3. The unaccountability of it. EU law is created by the Commission which does whatever it wants. By treaty it is accountable to nothing except itself and it is the highest power in Europe. In that situation why not spend all your time on easily achieved upper-class luxury agenda items like internet regulation, which feels futuristic and cool, instead of messy stuff that bothers the regular citizens like illegal immigration, where you don't want to do it and failure comes easy?

That's why there's a constant flood of tech-related regulation coming from the EU. Seeing this specific act in isolation is a mistake, it's just the continuation of a long term trend.

The Secret Law bit is quite clickbaity.

People get very hung up on what people can technically do, but the domains of the browser or OS that doesn’t follow these rules will simply be blocked at the DNS level so that you can’t download them any more. The relevant entities such as companies developing or using said non-compliant projects will be fined, and any natural persons jailed outright, à la Stallman’s The Right To Read.

Unfortunately the whole world population is addicted to ~5 sites/apps on the web who will play the game.

If Debian patches this out, you won't be able to access those sites. That's a living edge case for them.

the law can be interpreted as making it illegal, even for end users (it deals with "web-browsers", not "web browser vendors")

It is a digital certificate standard. Browser certificates is only a tiny part of it, that wasn't why it was made. Having a standard for digital certificates is a good thing, it makes it easy to switch document signer provider etc since they all are forced to implement the same interface.

I believe that the stated/claimed intent is to create cross-country, bloc-wide digital signature interoperability and acceptance standards. The theory being that you can "digitally sign" things with a national ID (e.g. a smart card), and have that recognised anywhere in the EU. That would, in theory, help to reduce and simplify bureaucracy, especially for people moving between countries in the EU (a process which can be quite complex even with freedom of movement, due to totally different cultural norms around government systems, forms, languages, etc.)

Something better than typing your name and trusting a third party to do email verification for a digital signature certainly sounds like it could have advantages for doing business though.

I believe the issues identified here seem to stem from a (very) over-enthusiastic desire to have certificate acceptance everywhere (i.e. prevent discriminating against one country's citizens by excluding their ID card CA), without understanding the different types of trust chains and certificate chains. Presumably scattered with a bit of technical naivety as well. The concept itself is (probably?) fine, as long as it doesn't try to force browsers or SSL verifiers to accept or trust certificates they don't want to.

I suppose this is the first step towards a stricter kind of the German "Impressumspflicht". Currently, if you are operating a website in any kind of (even most remotely) commercial function, you need an imprint. Lacking one, you get nasty expensive letters from lawyers and courts. At the moment, this imprint is just a text on your website.

With certificates from a government CA containing your name, address and maybe other data like tax ID, the certificate becomes that imprint, digitally signed and hard to fake. So I guess the next step after this directive is in place will be to require such government certificates for all European websites instead of the usual domain-validated WebCA ones. For a modest fee going into the pockets of some government cronies, of course.

A key idea behind all of this is to sell "qualified certificates". Which is another way of saying "expensive certificates".

In the past, CAs sold EV certificates which gave you a nice green look in the browser bar and no security advantage (arguably security downsides, because you cannot automate it). That was good business, until browsers decided that this makes no sense and scraped any special treatment for EV certificates.

The "qualified certificates" by the EU are essentially EV with a new name.

EU bureaucrats are annoyed that ~100% of the trust decisions are made outside the EU (given that majority of browsers and the trust stores like Microsoft, Android, Java etc., are operated from US). They see it as the issue about the third part of security triade of confidentiality, integrity and availability. In short, they fear that EU company can theoretically be put out of business on a whim of US entity which is unaccountable to EU poeple (by revoking the cert in case of e-commerce, or trust bits in case of CA, or "TSP" as it's called in eIDAS). Hence the prohibition from distrusting certs unless ETSI (which is accountable to EU people) agrees.

Most of the commenters here miss the point, because they concentrate on confidentiality and integrity (cf. any post about MITM). They are of course correct that this creates capability to intercept TLS connections. They still miss the point that EU bureaucrats see it as reasonable tradeoff (which I don't think it is, but that's their POV).

Why are they hosting this on GitHub and not on EU infrastructure?

From Mozilla's post: The text goes on to ban browsers from applying security checks to these EU keys and certificates except those pre-approved by the EU’s IT standards body - ETSI.

I guess this is where client attestation comes into play.

New Firefox plugin: "Disable EU Certs"

Certificate Transparency Lists - and from what I understand, the EU does not want its CAs to publish such a list, and here lies the problem.

The first priority is ensuring citizens can answer, "how can I make sure my government isn't spying on me", to their satisfaction, and then they might start caring about the government's use-case/pretext.

In the past, browsers needed to have "export-grade cryptography", because the USA considered ciphers a weapon, thus subject to export rescriction. And this ended up playing a crucial role in downgrade attacks later on. So I would say yes, they already had to handle a similar situation in the past.

I think it's what some people are pushing for, how else can the Lisboa treaty be explained? Surely they weren't that short sighted.

That's illegal then. But the pihole won't do the trick, you need to remove the mandated certs from your browsers certstore. If these certs are used for legitimate places (e.g. EU or state websites, and I'll bet they will) you then will get a certificate error.

Of course there is still HSTS, but that's not supported by all tech using TLS.

TLS 1.3 encrypts server certificate, so it will not be possible to filter such connections out using just passive inspection.

They'd probably be fined into submission if they don't though.

I guess Europe would have to fund its own browser development. The rest of the world won't participate.

If "e2echat.com" has no method to explicitly forbid your browser from accepting eIDAS certs (via a DNS record or something) then your browser will just blindly accept the compromised cert when attacked.

This is still very bad.

There is no way for e2echat.com to make sure that the client will insist on a certain safe CA. Sure, in case e2echat.com controls all clients this would be possible, but this is a rare case.

In the general case, any CA can sign any website certificate. So all those new government CAs can sign all the man-in-the-middle certificates they like, and browsers are obliged to accept them. Nothing the website can do about that.

There are ways to pin certain CAs via DNSSEC and TLSA resource records in DNS. But browsers ignore those, and even if they didn't, the same EU proposal also specifies government DNS manipulation.

So the gist is: EIDAS must die.

Oh yeah if encryption is broken only for browsers no big deal right

Where'd you get this idea of starlink in Gaza

I'm not sure I understand the point you're trying to make. Few rights are absolute. We, as a society, obviously try to prevent people from harming one another. If you're infected with a dangerous pathogen, and you refuse to do something about it on account of "bodily integrity", you will end up violating other people's bodily integrity by infecting them. That's bad, and it would certainly be within "TPTB"'s rights to stop you.

As for vaccines being "experimental", they have saved many lives, and now that the dust has settled, they seem to have done very little harm.

This all sounds rather like conspiracy nonsense, which isn't to say that eIDAS isn't stupid, but silly conspiracy nonsense like this undermines potential real concerns with eIDAS.

    But the plans were on display…”
    “On display? I eventually had to go down to the cellar to find them.”
    “That’s the display department.”
    “With a flashlight.”
    “Ah, well, the lights had probably gone.”
    “So had the stairs.”
    “But look, you found the notice, didn’t you?”
    “Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.

Douglas Adams wasn't far off.

The worst part is that this is still better than how most governments currently work. At least there is a chance to give feedback.

Also, keep in mind that this is in the context of getting all member states of the EU to agree on something. People kicking up a fuss is the default situation because of conflicting interests between different states.

Make no mistake about how I feel about this though: it's still pretty horrible even with that context in mind. And as graemep pointed out the rest of the quotes on that page will tell you all you need to know about Juncker too.

"When it becomes serious, you have to lie'"

    - Jean-Claude Juncker

Wow, a lot of those quotes are damning.

Chat control has intercepted this forum post and flagged you as a terrorist.

Your bank account is now frozen.

Please report at your local police station tomorrow at 10am.

It's not. Read the documents linked to from the article. The law clearly refers to certificates with domain names in them, not client certificates. Actually the bigger impact of this seems to be that you wouldn't be able to host websites anonymously anymore, making WHOIS privacy meaningless, because the law appears to mandate that all certificates contain legal identities in them.

Annex IV:

Qualified certificates for website authentication shall contain:

(b) a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and:

—

for a legal person: the name and, where applicable, registration number as stated in the official records,

—

for a natural person: the person’s name;

...

(e) the domain name(s) operated by the natural or legal person to whom the certificate is issued;

Wow.

So you don't need to know anything to use all-caps and throw around LIARS.

Article 45

Requirements for qualified certificates for WEBSITE AUTHENTICATION

1. Qualified certificates for WEBSITE AUTHENTICATION shall meet the requirements laid down in Annex IV. Evaluation of compliance with the requirements laid down in Annex IV shall be carried out in accordance with the specifications and standards referred to in paragraph 4.

2. Qualified certificates for WEBSITE AUTHENTICATION referred to in paragraph 1 shall be recognised by web-browsers. For those purposes web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user friendly manner. Web-browsers shall ensure support and interoperability with qualified certificates for WEBSITE AUTHENTICATION referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web-browsing services.

I have no idea if you are right, but calling people liars as the first statement and extensively using capitalisation greatly undermines your message.