Talk:EIDAS

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to multiple WikiProjects.

Articles for creation This article was reviewed by member(s) of WikiProject Articles for creation. The project works to allow users to contribute quality articles and media files to the encyclopedia and track their progress as they are developed. To participate, please visit the project page for more information.Articles for creationWikipedia:WikiProject Articles for creationTemplate:WikiProject Articles for creationAfC articles This article was accepted from this draft on 6 April 2016 by reviewer Zppix (talk · contribs). Europe This article is within the scope of WikiProject Europe, an effort to build a comprehensive and detailed guide to European topics of a cross-border nature on Wikipedia.EuropeWikipedia:WikiProject EuropeTemplate:WikiProject EuropeEurope articles ??? This article has not yet received a rating on the project's importance scale. Law This article is within the scope of WikiProject Law, an attempt at providing a comprehensive, standardised, pan-jurisdictional and up-to-date resource for the legal field and the subjects encompassed by it.LawWikipedia:WikiProject LawTemplate:WikiProject Lawlaw articles ??? This article has not yet received a rating on the project's importance scale. European Union This article is within the scope of WikiProject European Union, a collaborative effort to improve the coverage of the European Union on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.European UnionWikipedia:WikiProject European UnionTemplate:WikiProject European UnionEuropean Union articles ??? This article has not yet received a rating on the project's importance scale. Electronics This article is part of WikiProject Electronics, an attempt to provide a standard approach to writing articles about electronics on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks. Leave messages at the project talk pageElectronicsWikipedia:WikiProject ElectronicsTemplate:WikiProject Electronicselectronic articles ??? This article has not yet received a rating on the project's importance scale. Computing This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles ??? This article has not yet received a rating on the project's importance scale. Technology This article is within the scope of WikiProject Technology, a collaborative effort to improve the coverage of technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.TechnologyWikipedia:WikiProject TechnologyTemplate:WikiProject TechnologyTechnology articles

Prior content in this article duplicated one or more previously published sources. The material was copied from: http://www.cryptomathic.com/news-events/blog/understanding-the-major-terms-around-digital-signatures. Copied or closely paraphrased material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.)

For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, and, if allowed under fair use, may copy sentences and phrases, provided they are included in quotation marks and referenced properly. The material may also be rewritten, providing it does not infringe on the copyright of the original or plagiarize from that source. Therefore, such paraphrased portions must provide their source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. /wiae /tlk 18:01, 7 April 2016 (UTC)[reply]

A couple of days ago, some of the references in the eIDAS article where removed by an anonymous user with the justification that they were "SPAM". I strongly support the movement of keeping Wikipedia free of spam. However I had to undo the activity as it was not justified. Let me defend the notability of the authors quoted in the following. The first reference deleted as spam was by Jens Bender from Fraunhofer Institute, one of Germany's most renowned research institutes. The source was published on www.Bund.de, which is the public portal of Germany's Federal Administration. The source was critically evaluating opportunities and risks and helped to bring the article away from wiktionary kind of explanation towards an evaluating essay. Also Ashiq J.A. is known to many security experts. His tweets on #infosec have more than 800 followers (https://twitter.com/AshiqJA). Mr Ashiq is security evangelist within the U.A.E government and brought a valuable outside perspective. Then there were quotes by Mrs Dawn Turner. I like her posts and regularly quote her as she creates the bigger picture, sets into context and explains. Especially when talking about the intersection of information security and law, this helps a lot. Additional sources will help to enhance. But please avoid destructive steps that would harm the credibility of the article. Discussions in the talk section would be the most fruitful. I like those discussions like in the talk of the Beatles entry. They help sharpening and improving the article. And please do not work anonymously. ScienceGuard (talk) 08:07, 14 December 2016 (UTC)[reply]

Increasingly I follow discussions on the security of eIDAS. I.e. the risk that centralized trust-service-providers could be tempted to breach data security laws and misuse data as they have an overall insight into transactions, participating agents (nodes) their relationships (edges). Governments (or Espionage agencies and hackers) would get easy access to a network of relationships which can be maliciously exploited. I know that ETSI is continuously working on additional standards helping to secure the data and to better specify eIDAS. But I did not find any notable source so far that allows to discuss this in the article. Please contribute! ScienceGuard (talk) 08:13, 14 December 2016 (UTC)[reply]

You were prescient. Seven years later, the EU is expanding the law to enable exactly that. There weren't reliable sources then, but there certainly are a lot clamoring about it now. DenverCoder19 (talk) 16:39, 4 November 2023 (UTC)[reply]

Should the 1st and 2nd versions of the law be separate articles or single ones? DenverCoder9 (talk) 15:37, 4 November 2023 (UTC)[reply]

A significant proportion of publications covering the law specifically examine Article 45, so I've put more weight to it, since this seems to be the most historically significant provision of the law. DenverCoder19 (talk) 16:21, 4 November 2023 (UTC)[reply]

The section "Man-in-the-middle attacks and mass surveillance" has a very negative tone. It also states various factually incorrect statements and fearmongering. I have problems with the following:

- The term "EU Government". This sounds like the EU as a organization will be able to read, decrypt and perhaps re-encrypt HTTPS traffic, when it is in fact the national government that would be able do that.

- The mentions about the EU being able to "hack into any internet-enabled device" is too extreme and unsubstantiated with the sources provided. While yes, internet traffic could theoretically be intercepted and decrypted, that alone wouldn't allow "the EU" to "hack any internet-enabled device".

For this I am marking this section as disputed. Creekie (talk) 10:41, 9 November 2023 (UTC)[reply]

"Any EU government" refers unequivocally to any government in the EU. It's plural. This might be an American-European English split. In American English, "government" generally refers to the public sector as a whole, not the parliament or cabinet.

Yes, in fact it would allow any EU government to hack into the communications of any internet-enabled device. As long as a device is controlled by the internet, the packets can be intercepted and modified, as stated in the source. DenverCoder19 (talk) 01:23, 24 November 2023 (UTC)[reply]

The purpose of Qualified Web Authentication Certificates (QWACs) is to enhance the security and transparency of the Internet as trusted services. QWACs do not restrict browsers own security policies, especially as Article 45 of the Identity Regulation leaves it up to them to maintain their own procedures and criteria in order to maintain and preserve the privacy of online communication using encryption and other proven methods.

The final version of the European Digital Identity Regulation has confirmed this fact. https://www.europarl.europa.eu/doceo/document/TA-9-2024-0117_EN.pdf

Recital 65 establishes that, for the purpose of enhancing online security for end-users, "providers of web browsers should, in exceptional circumstances, be able to take precautionary measures that are both necessary and proportionate in response to substantiated concerns regarding security breaches or the loss of integrity of an identified certificate or set of certificates."

Finally, the Commissions’ statement issued in the Parliament has made it clear that recognising QWACs does not impose obligations or restrictions on how web browsers establish encrypted connections with websites or authenticate the cryptographic keys. This stance does not impact browser security policies. (Statement by the Commission on Article 45 on the occasion of the adoption of Digital Identity Regulation).

QWACs enable website identification at a high level of assurance, attesting the link between the website domain name and the natural or legal person to whom the certificate is issued, and confirming the identity of that person. Providers of web-browsers should then display the certified identity data and the other attested attributes to the end-user in a user-friendly manner in the browser environment. 158.169.40.25 (talk) 09:07, 9 April 2024 (UTC)[reply]

A user added "While the main language of that text..." If I'm reading this correctly, it suggests that web browsers will be able to detect a MITM. However, they will still be able to perform the MITM, which is what a wide range of organizations were concerned about.

Is there a third-party source that analyzes this assertion? The source appears to be a single organization and not a secondary source. DenverCoder19 (talk) 01:48, 2 December 2023 (UTC)[reply]

QWAC issuers will have to undergo constant monitoring by their auditors in addition to annual audits, plus annual evaluation by an independent Conformity Assessment Body, as well as monitoring and approval by a national Supervisory Body. It is difficult to imagine how in this scenario the use of QWACS should facilitate an undetected MITM attack. Please refer to the detailed statement elaborated by the European Signature Dialogue to correct misinformation on the topic. (4) Post | LinkedIn 158.169.40.25 (talk) 09:08, 9 April 2024 (UTC)[reply]