It's not. Read the documents linked to from the article. The law clearly refers to certificates with domain names in them, not client certificates. Actually the bigger impact of this seems to be that you wouldn't be able to host websites anonymously anymore, making WHOIS privacy meaningless, because the law appears to mandate that all certificates contain legal identities in them.
Annex IV:
Qualified certificates for website authentication shall contain:
(b) a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and:
—
for a legal person: the name and, where applicable, registration number as stated in the official records,
—
for a natural person: the person’s name;
...
(e) the domain name(s) operated by the natural or legal person to whom the certificate is issued;
It is interface between webservice and member state for sending authentication data to member state for purpose of auth. Think OAUTH so webservice does not have to save any auth data.
So you don't need to know anything to use all-caps and throw around LIARS.
Article 45
Requirements for qualified certificates for WEBSITE AUTHENTICATION
1. Qualified certificates for WEBSITE AUTHENTICATION shall meet the requirements laid down in Annex IV. Evaluation of compliance with the requirements laid down in Annex IV shall be carried out in accordance with the specifications and standards referred to in paragraph 4.
2. Qualified certificates for WEBSITE AUTHENTICATION referred to in paragraph 1 shall be recognised by web-browsers. For those purposes web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user friendly manner. Web-browsers shall ensure support and interoperability with qualified certificates for WEBSITE AUTHENTICATION referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web-browsing services.
He might be right. Browsers come with CAs from EU states (or agencies controlled by states) for the last 10 years (at least). I work for a public admin in Spain and our site uses one of such CAs and browsers accept it without problems. So I believe that eIDAS has to do with personal identification rather than TLS.
nvm0n2|2 years ago
Annex IV:
Qualified certificates for website authentication shall contain:
(b) a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and:
—
for a legal person: the name and, where applicable, registration number as stated in the official records,
—
for a natural person: the person’s name;
...
(e) the domain name(s) operated by the natural or legal person to whom the certificate is issued;
Jacobinians|2 years ago
Jacobinians|2 years ago
g-b-r|2 years ago
So you don't need to know anything to use all-caps and throw around LIARS.
Article 45
Requirements for qualified certificates for WEBSITE AUTHENTICATION
1. Qualified certificates for WEBSITE AUTHENTICATION shall meet the requirements laid down in Annex IV. Evaluation of compliance with the requirements laid down in Annex IV shall be carried out in accordance with the specifications and standards referred to in paragraph 4.
2. Qualified certificates for WEBSITE AUTHENTICATION referred to in paragraph 1 shall be recognised by web-browsers. For those purposes web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user friendly manner. Web-browsers shall ensure support and interoperability with qualified certificates for WEBSITE AUTHENTICATION referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web-browsing services.
dtech|2 years ago
pagutierrezn|2 years ago
Jacobinians|2 years ago