FB pixel

Mozilla to Europeans updating eIDAS: Let’s give this more thought

Mozilla to Europeans updating eIDAS: Let’s give this more thought
 

Mozilla is waving off European Commission members, who are considering an update to their 2014 digital ID framework for online transactions.

The foundation, developer of the Firefox browser, pushes its pro-privacy stance hard. That is why it is noteworthy that its executives oppose digital ID security efforts by the only major economy that also seems to prioritize online privacy.

Indeed, executives at Mozilla say that they will not be able to honor their security commitments to Firefox users.

Commission members this year proposed an update to its electronic ID and trust services regulation, or eIDAS, improving interoperability and security of digital identification.

Important problems need to be addressed in the draft rules, however, according to a Mozilla white paper.

Changes being discussed would make browsers suspend root store policies necessary to maintain trust and security, Mozilla executives say. The policies “underpin a system of online trust” critical to protecting the security of every person using a browser.

Browsers also would have to accept website certificates that are “based on a flawed certificate architecture that is ill-suited” for online risks today. The so-called qualified web authentication certificates, or QWACs, are too risky, according to Mozilla.

Extended validation (EV) certificate architectures, which are based on QWACs, wrongly convince people that they are safe at a given site only to leave them open to phishing and domain impersonation.

In fact, according to a Mozilla blog post, “no major browser showcases EV certificates directly in the URL address bar.”

For these reasons, Mozilla says, the revisions being considered by the commission cannot make support for QWACs mandatory for browsers.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Facial recognition search engine claims 50K new photos of missing people

FaceCheck.ID has supposedly added 50,000 photos to its database. At the time of writing, the website has more than 920,000…

 

IntelliVision censured for misleading biometric accuracy and bias claims by FTC

The U.S. Federal Trade Commission has slapped IntelliVision with a consent order to halt claims about the accuracy of its…

 

DHS seeks wired interconnection for mobile devices to secure biometric data

The Department of Homeland Security (DHS) is spearheading an initiative to develop a wired interconnection cable/adapter that supports secure and…

 

BixeLab offers guidance on engaging APAC digital ID market

A series of digital identity verification frameworks, regulations and laws are taking effect across the Asia-Pacific region, presenting a sizeable…

 

Unissey first to receive Injection Attack Detection certification

Liveness detection from Unissey has become the first to achieve compliance certification under the Injection Attack Detection (IAD) program as…

 

Dominican Republic biometric passport plans advance, supplier to front costs

The Dominican Republic is preparing to launch its biometric passports with embedded electronic chips to replace the machine-readable version, with…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events