Fundamentally, the whole issue with eIDAS comes down to one thing: you cannot mandate trust.
If it's mandated, it isn't trust. It's something else. By mandating that browsers "trust" certain CAs, they're breaking the entire trust model of the internet.
My only question is whether they truly don't understand this, do understand it but don't care, or are actively interested in destroying that trust.
If it's mandated, it isn't trust. It's something else. By mandating that browsers "trust" certain CAs, they're breaking the entire trust model of the internet.
My only question is whether they truly don't understand this, do understand it but don't care, or are actively interested in destroying that trust.