“In a nutshell, the EU is mandating that browsers accept EU member state-issued Certificate Authorities (CAs) and not remove them even if they are unsafe. If you think this sounds bad, you’re right. Multiple times, EFF, along with other security experts and researchers, urged EU government regulators to reconsider the amended language that fails to provide a way for browsers to act on security incidents. There were several committees that supported amending the language, but the EU council went ahead and adopted this highly flawed language.”
You must log in or # to comment.