Google Online Security Blog: Qualified certificates with qualified risks

By admin
Improving the interoperability of web services is an important and worthy goal. We believe that it should be easier for people to maintain and control their digital identities. And we appreciate that policymakers working on

European Union

digital certificate legislation, known as eIDAS, are working toward this goal. However, a specific part of the legislation,

Article 45

, hinders browsers’ ability to enforce certain security requirements on certificates, potentially holding back advances in web security for


. We and many past and present leaders in the international web community have significant concerns about

Article 45’s

impact on security.

We urge lawmakers to heed the calls of scientists and security experts to revise this part of the legislation rather than erode users’ privacy and security on the web.