The point is not to reduce browser security. The point is to hack their custom authentication system into browsers. They trust a bunch of companies and they trust their own governments, and they want everyone else to also trust them so they don’t need to develop a custom browser for their government SSO.
Independent of browsers, their crypto is fine. Their trust anchor system is also fine. The only problem is that they attempt to force their designs into software not designed to support what they want.
The legislation requires web browsers to trust EU countries’ CAs (which browsers already tend to do, but are presently free to remove when they’re observed being misused) and prohibits doing non-ETSI-approved validity checks (eg, certificate transparency, which is a way CA-misusing MITM attackers can be caught).
Wouldn’t you say the point of that particular clause is to reduce browser security (so that cops and intelligence agencies are free to exploit it without interference from CT)?
I doubt they care about CT checks per se, they’re just afraid that Digicert fucking up will break their critical government services. They say “trust our shit when X and Y” because that’s how they designed their system, they don’t want to think about fraud and abuse and human error, because that would be Not According To The Law and therefore never happens.
If they wanted to make browsers less secure, they would do so in much more obvious ways. They proposed a straight-up ban on E2EE and mandatory upload filtering with a hashing algorithm they decided on. They also have several (outdated) security specs that made it into the Brexit accords.
Individual sets of intelligence agencies break and sabotage encryption all the time (5 eyes, 7 eyes, other configurations of eyes) but they’re not as obvious as “here’s a spec everyone can read and verify with obvious flaws”.
The EU can be rather shit, but they don’t care to hide their shittiness.
I doubt they care about CT checks per se, they’re just afraid that Digicert fucking up will break their critical government services.
Right… uh. Listen, my government used a local/regional CA. Do you want to know what happened? My government got the privilege to emergency re-issue all of their TLS certificates with a different CA because the local/regional CA forgot to renew its own CA certificate. Everything was down. Government websites, government services, eID SSO authentication, etc. You had one job!
I’m curious why they want this instead of mTLS certificates? This smells like secret services counseled Europe using a front company. But that wouldn’t surprise me, since similar events happened multiple times in the past.
Why would the secret services need a front company? France, Spain, and The Netherlands all operate or have operated normal certificate authorities. If this ends up rolling out, abuse alert systems will be built in. Just because CT cannot be used to verify the certificate doesn’t mean the individual certificates can’t be uploaded to a central store where they can be audited in public.
mTLS sucks, mostly because of the 2003 era UI browsers pack for it. Honestly, the entire system can be replaced by a basic smart card or even a government-provided Yubikey. Because of the EU being the EU, they’re just more than five or ten years behind the times. An EV program made a lot of sense back in 2010.
Why would the secret services need a front company?
Governments here must use public tenders to buy services, and they pick the offer with the lowest price. Secret services can eat operational costs to place an extraordinarily competitive bid, but governments usually have anti-spying regulations. Hence, secret services bid with front companies.
But why bid in the first place, you may ask? eGovernment services are an attractive target due to the sensitive information at stake, and the potential to influence laws related to the eGovernment services. Secret services implement eGovernment services in a way that allows them to gain intelligence.
But how can they implement services in such a way, you may ask? Ask forgiveness, not permission. Of course, bullshit justifications play an important role here. E2EE? Why do that? Do you not want to scan files that go through the system for viruses? Real justification for why De-Mail stores sensitives emails in plaintext.
Governments now have the following options:
Discard their paid work and forget about the initiative.
Discard their paid work and contract someone more expensive than the original bidder.
Pass laws to allow how the insecure service operates.
Remember De-Mail? Yeah, that exists. Exceptions that allow insecure storage of sensitive emails as long as it’s De-Mail. Exceptions that allow De-Mail providers to send legally binding emails on behalf of everyone. No, I’m serious. If anybody comprises De-Mail providers, they can practically send legally binding emails on behalf of everyone, as long as they don’t leave behind any trails of course.
But sometimes, like here I suspect, secret services hit the jackpot. They’ve got such an insecure implementation that the laws required to allow the service to operate nullifies the security of a large portion of the internet. Now, if enforced, they can intercept traffic like they used to back when everyone ran on http without the s. SIGINT is dead, long live SIGINT!
The point is not to reduce browser security. The point is to hack their custom authentication system into browsers. They trust a bunch of companies and they trust their own governments, and they want everyone else to also trust them so they don’t need to develop a custom browser for their government SSO.
Independent of browsers, their crypto is fine. Their trust anchor system is also fine. The only problem is that they attempt to force their designs into software not designed to support what they want.
The legislation requires web browsers to trust EU countries’ CAs (which browsers already tend to do, but are presently free to remove when they’re observed being misused) and prohibits doing non-ETSI-approved validity checks (eg, certificate transparency, which is a way CA-misusing MITM attackers can be caught).
Wouldn’t you say the point of that particular clause is to reduce browser security (so that cops and intelligence agencies are free to exploit it without interference from CT)?
I doubt they care about CT checks per se, they’re just afraid that Digicert fucking up will break their critical government services. They say “trust our shit when X and Y” because that’s how they designed their system, they don’t want to think about fraud and abuse and human error, because that would be Not According To The Law and therefore never happens.
If they wanted to make browsers less secure, they would do so in much more obvious ways. They proposed a straight-up ban on E2EE and mandatory upload filtering with a hashing algorithm they decided on. They also have several (outdated) security specs that made it into the Brexit accords.
Individual sets of intelligence agencies break and sabotage encryption all the time (5 eyes, 7 eyes, other configurations of eyes) but they’re not as obvious as “here’s a spec everyone can read and verify with obvious flaws”.
The EU can be rather shit, but they don’t care to hide their shittiness.
Right… uh. Listen, my government used a local/regional CA. Do you want to know what happened? My government got the privilege to emergency re-issue all of their TLS certificates with a different CA because the local/regional CA forgot to renew its own CA certificate. Everything was down. Government websites, government services, eID SSO authentication, etc. You had one job!
I’m curious why they want this instead of mTLS certificates? This smells like secret services counseled Europe using a front company. But that wouldn’t surprise me, since similar events happened multiple times in the past.
Why would the secret services need a front company? France, Spain, and The Netherlands all operate or have operated normal certificate authorities. If this ends up rolling out, abuse alert systems will be built in. Just because CT cannot be used to verify the certificate doesn’t mean the individual certificates can’t be uploaded to a central store where they can be audited in public.
mTLS sucks, mostly because of the 2003 era UI browsers pack for it. Honestly, the entire system can be replaced by a basic smart card or even a government-provided Yubikey. Because of the EU being the EU, they’re just more than five or ten years behind the times. An EV program made a lot of sense back in 2010.
Governments here must use public tenders to buy services, and they pick the offer with the lowest price. Secret services can eat operational costs to place an extraordinarily competitive bid, but governments usually have anti-spying regulations. Hence, secret services bid with front companies.
But why bid in the first place, you may ask? eGovernment services are an attractive target due to the sensitive information at stake, and the potential to influence laws related to the eGovernment services. Secret services implement eGovernment services in a way that allows them to gain intelligence.
But how can they implement services in such a way, you may ask? Ask forgiveness, not permission. Of course, bullshit justifications play an important role here. E2EE? Why do that? Do you not want to scan files that go through the system for viruses? Real justification for why De-Mail stores sensitives emails in plaintext.
Governments now have the following options:
Remember De-Mail? Yeah, that exists. Exceptions that allow insecure storage of sensitive emails as long as it’s De-Mail. Exceptions that allow De-Mail providers to send legally binding emails on behalf of everyone. No, I’m serious. If anybody comprises De-Mail providers, they can practically send legally binding emails on behalf of everyone, as long as they don’t leave behind any trails of course.
But sometimes, like here I suspect, secret services hit the jackpot. They’ve got such an insecure implementation that the laws required to allow the service to operate nullifies the security of a large portion of the internet. Now, if enforced, they can intercept traffic like they used to back when everyone ran on http without the s. SIGINT is dead, long live SIGINT!