Konferenzbeitrag
Trustworthy QWACs –Fact or Fiction?
Vorschaubild nicht verfügbar
Volltext URI
Dokumententyp
Text/Conference Paper
Zusatzinformation
Datum
2024
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Quelle
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
Qualified certificates for website authentication (QWACs) have been introduced in Art. 45 of the eIDAS-Regulation (EU) No. 910/2014 about ten years ago and an amendment of the regulation has been provided with (EU) 2024/1183. Within the scope of drafts of this text the applicable requirements for QWACs changed, as explained below, which resulted in an open letter, which has been signed by a substantial number of scientists and researchers around the world and many NGOs. The fear of the scientists, researchers, NGOs and browser vendors, such as Mozilla for example, was particularly the introduction of a legal backdoor to emit bogus root certificates into the trust store of browsers by malicious state actors in order to intercept the web traffic of citizen within Europe and beyond. Against this threatening background, the present contribution seeks to provide unbiased information with respect to this controversial topic in order to contribute to answering the central question of the paper raised in the title, whether QWACs are trustworthy
(today and tomorrow) and how the standardisation bodies in charge might move on to further improve trust.