Security News > 2022 > March > Experts urge EU not to force insecure certificates in web browsers

Experts urge EU not to force insecure certificates in web browsers
2022-03-04 20:00

The particular provision requires web browsers like Chrome, Safari, and Firefox to accept QWACs, which practically compels browser developers and security advocates to ease their security stance.

TLS certificates are vital for the online exchange of sensitive information with websites such as passwords, sensitive uploads, or payment details.

As part of the amendment to Article 45, EU lawmakers want to force browsers to accept QWACs certificates to improve authentication on the Web and create a more streamlined system of GDPR compliance, owner information, and data transaction guarantees.

Binding TLS with QWACs limits technological neutrality and interoperability in the EU digital market, and harms the ability of EU entities to compete in the global economy.

"The Digital Identity framework mandates browsers accept QWACs issued by Trust Service Providers, regardless of the security characteristics of the certificates or the policies that govern their issuance," reads the letter to sent EU regulators.

You see, browsers/OS vendors haven't adopted QWACs, mostly because CAs are insisting it can only be as TLS certs, while browsers have been pointing out that makes zero technical sense for the goals.


News URL

https://www.bleepingcomputer.com/news/security/experts-urge-eu-not-to-force-insecure-certificates-in-web-browsers/