• Ferk
      link
      fedilink
      2
      edit-2
      1 year ago

      Will you be notified and asked permission before the page is loaded?

      I mean, even for self-signed/invalid certificates, most browsers allow you to optionally access the page anyway… it’ll show some error page first, but it’ll allow you to load it if you explicitly request to continue in the error page itself, right? and you’ll get an eye-catching red icon indicating the website is untrusted… why can’t browsers implement something similar to that? Just use a different icon and a different page/dialog to opt-in on first visit. Something that isn’t as strong as the error page, but that makes it clear to the user which organization/government is responsible for authorizing the access.

      But then again… why not simply have that website registered under .id.eu (for example) and have the EU use that DNS for registering/signing subdomains using eIDAS certificates? then there would be no risk for it to potentially poison other top-level domains if it’s compromised. And imho, it would be great if when a citizen gets their eIDAS certificate it comes with a personal domain that they can freely use.

      I feel I’m not fully understanding here neither what exactly is being asked nor the purpose for asking it.
      Is there some more clear and unbiased information on this? …the way they wanna call it “secret” is also very confusing to me, that smells of FUD… in which way is it “secret”? are there no public details about the request? “secret legislation” feels almost like an oximoron. I feel that what they want to say is that the controversial sections were introduced very late in the process, following some closed-door meetings, but that’s no the same thing as the legislation being “secret”…