Connect with us
X
Categories:

Technology

Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo

Published

on

Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo
Share this post:

Mozilla’s message to MEPs appears to be gaining traction, says senior public policy manager at the non-profit.

Mozilla has stepped up its efforts to dissuade EU lawmakers from forcing web browsers to recognize the validity of contentious web certificates created by the bloc.

The non-profit architect of the Firefox browser has launched a campaign urging Members of the European Parliament (MEPs) to amend proposals tabled by the European Commission (EC) that would oblige browsers to accept Qualified Website Authentication Certificates (QWACs).

QWACkers

The EU created QWACs in 2014 to validate a website’s professed identity and therefore – in theory – protect users from fraud, malware, and surveillance.

However, QWACs, which are based on somewhat discredited extended validation certificates, have failed to gain much of a foothold in the web ecosystem in the eight years since their introduction.

Mozilla argues that QWACs are inferior to the existing, longstanding web authentication ecosystem, and that the EC proposal would bypass “the critical first line of defense against cybercrime on the web”.

With MEPs expected to vote on the proposal in October, Mozilla launched a #SecurityRiskAhead campaign yesterday (July 13) with a carnival-style duck-fishing game pitched outside the European Parliament in Brussels.

Owen Bennett, Mozilla’s senior public policy manager for Europe, told The Daily Swig that Mozilla’s message appeared to be gaining traction.

The QWACs amendment – article 45.2 – was deleted from a recent draft report (PDF) for the EU’s digital identity framework in order to accommodate revisions, and various security-related amendments have already been tabled in parliament, he said.

An open letter urging a rethink, published in March by 38 security experts, was “a big turning point” in persuading MEPs, Bennett believes.

The Internet Society, Electronic Frontier Foundation (EFF), and the world’s largest certificate authority, Let’s Encrypt, have also campaigned against the proposal.

Trusted system

The browser-led web authentication system in place sees certificated websites using the TLS-encrypted HTTPS protocol and displaying a padlock icon in the URL address bar to advertise their secure status.

Web – or SSL – certificates are currently issued by more than 100 certificate authorities (CAs), which are vetted by Mozilla and other leading browser makers, including Google, Microsoft, and Apple.

Critics of QWACs, which are issued by ‘Trust Service Providers’ (TSPs) approved by governments of EU member states, argue that they cannot draw on comparable technical expertise and resources. They can also point to the fact that hundreds of millions of web users happily submit payment card details online as evidence that the status quo is widely, and justifiably, trusted.

Mozilla CSO Marshall Erwin warned that if the well-intentioned EC proposal were “copied elsewhere, the regulation will give the tools to governments to carry out state-sponsored surveillance of internet traffic”.

Mozilla cited large-scale snooping campaigns by Iran’s theocracy in 2011 and the governments of Kazakhstan and Mauritius in 2020 and 2021 respectively as examples of the activity the regulation could enable.

‘Ceiling on website security’

“Article 45 puts a ceiling on website security,” said Bennet. “It says you must accept QWACs, not put in place any additional protections, and not take action when a certificate authority is found to be compromised. For us that creates an untenable risk to Firefox users.”

The EU’s digital identity framework will be incorporated into the electronic Identification, Authentication, and Trust Services (eIDAS) regulation, which was enacted in 2014 to facilitate the emergence of a European internal market for trust services.

Bennett said the campaign was not seeking to “blow up the whole regulation”, but that Mozilla simply wanted “some small tweaks” to give browsers the “discretion to take action when an entity issuing QWACs doesn’t meet existing security standards or poses a security risk”.

A spokesperson for the European commission told The Daily Swig:

The eIDAS Regulation is technology neutral. QWACs were introduced in 2014 as a means to enhance trust and reduce fraud and is used to ensure trusted transactions in the PSD2 environment (as a means for Payment Service Providers to identify).

The concerns raised by the browser community is based on an understanding of the technical implementation of the obligation to recognise QWACs which is not supported by the Commission legal proposal. The Commission proposal intends to achieve recognition of QWACs in the browser environment, which can be achieved without interfering with existing root store policies and web browser security requirement. There is no reason why a certificate issued as trustworthy according to EU law should not be recognised as such by the browser community.

In collaboration with the relevant standardisation bodies and the availability of commonly and globally accepted standards, the implementing act referred to in Article 45 will set out the technical specifications/references to the applicable standards which will enable the recognition of QWACs in accordance with the above.


Get More Stories Like This On: Facebook: @AllNaijaEntertainment, Twitter: @AllNaijaEntertainment
Chief Oyerigha Echo Toikumoh - The Earlier The Better
Music1 month ago

[Music] Chief Oyerigha Echo Toikumoh – The Earlier The Better

Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola's place at Manchester City
Sports1 month ago

Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola’s place at Manchester City

Alan Shearer reckons Liverpool star is ‘not going to get better’
Sports1 month ago

Alan Shearer reckons Liverpool star is ‘not going to get better’

NECO examiners threaten nationwide protest over unpaid entitlements
News1 month ago

NECO examiners threaten nationwide protest over unpaid entitlements

Jonathan congratulates Trump on historic election win
News1 month ago

Jonathan congratulates Trump on historic election win

Peter Obi can become president in 2027 — Yunusa Tanko
News1 month ago

Peter Obi can become president in 2027 — Yunusa Tanko

Dua Lipa forced to cancel show after ‘unforeseen safety issues’
Entertainment1 month ago

Dua Lipa forced to cancel show after ‘unforeseen safety issues’

Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024
Entertainment1 month ago

Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024

'Phoenix Fury' bags Best Film award at the 13th edition of AFRIFF
Entertainment1 month ago

‘Phoenix Fury’ bags Best Film award at the 13th edition of AFRIFF

Vivo begins teasing new Dimensity 9400 flagships internationally
Technology1 month ago

Vivo begins teasing new Dimensity 9400 flagships internationally

Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life
Technology1 month ago

Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life

Manchester United players warned ‘only one is safe’ under Ruben Amorim
Sports1 month ago

Manchester United players warned ‘only one is safe’ under Ruben Amorim

Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight
Sports1 month ago

Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight

IG orders punishment for errant cops
News1 month ago

IG orders punishment for errant cops

Be ready to recover stolen mandate — Ighodalo tells PDP
News1 month ago

Be ready to recover stolen mandate — Ighodalo tells PDP

No part of Ogun will be ceded under my watch — Dapo Abiodun
News1 month ago

No part of Ogun will be ceded under my watch — Dapo Abiodun

Ruger calls out auto tune and hype culture in music
Entertainment1 month ago

Ruger calls out auto tune and hype culture in music

I hate to play same role repeatedly — Actress Bimbo Akintola
Entertainment1 month ago

I hate to play same role repeatedly — Actress Bimbo Akintola

Fans split on Davido, Wizkid, and Burna Boy's Grammy nominations.
Entertainment1 month ago

Fans split on Davido, Wizkid, and Burna Boy’s Grammy nominations

Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung's rival iPhone 17 Air
Technology1 month ago

Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung’s rival iPhone 17 Air

Realme names first smartphone to get Android 15 beta worldwide
Technology1 month ago

Realme names first smartphone to get Android 15 beta worldwide

England interim manager tipped for surprise Premier League job
Sports1 month ago

England interim manager tipped for surprise Premier League job

Hakim Ziyech mocks Israeli supporters attacked in Amsterdam
Sports1 month ago

Hakim Ziyech mocks Israeli supporters attacked in Amsterdam

Court jails seven for internet fraud in Kaduna
News1 month ago

Court jails seven for internet fraud in Kaduna

Edo APC criticizes Obaseki’s last-minute appointments
News1 month ago

Edo APC criticizes Obaseki’s last-minute appointments

Edo PDP announces caretaker committee
News1 month ago

Edo PDP announces caretaker committee

Tems makes history after securing 3 nominations for the 67th Grammys
Entertainment1 month ago

Tems makes history after securing 3 nominations for the 67th Grammys

Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history
Entertainment1 month ago

Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
Entertainment1 month ago

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations

Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
Entertainment1 month ago

2025 GRAMMY: Academy unveils category changes ahead of nomination event

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Final Episode 13)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 12)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 11)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 10)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 09)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 08)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 07)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 06)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 05)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 month ago

[STORY] THE PASTOR’S DAUGHTER (Episode 04)

ANE Billboard Hots



Join "ANE sabi" clique

Don't miss a thing, get ogbonge ANE latest updates to fuel your conversation daily.