undefined | Better HN

0 pointsJensson2y ago0 comments

Why shouldn't you be able to do that? Seems like a simple thing to implement. I get why they want a hardcoded list, but I don't get why you can't add a way to block parts of that hardcoded list.

0 comments

g-b-r2y ago

web-browsers shall ensure

JenssonOP2y ago

The only requirement is that browsers displays the data. The browser can add "warning, this certificate is potentially compromised" when it displays it, nothing in the current document says browsers aren't allowed to say that, just that the browser has to be aware of the certificate.

It is similar to how Chrome displays a warning when you visit some sites. You can visit the site anyway, but you get a warning since Google thinks it is bad.

agwa2y ago

It's not clear that a warning would be allowed. In particular, the new paragraph 45(2a) prohibits mandatory checks on eIDAS certificates.

Mozilla has proposed text[1] that would make clear that the requirement is only to display identity information, but this text has not been adopted.

[1] https://securityriskahead.eu/wp-content/uploads/2023/09/Mozi...

yaris2y ago

Technically correct. But if Firefox displays a big red warning when someone's grandma goes to her favourite recipe website, and Safari (or Chrome) just display the website to grandma (and to the officer on duty, but who cares) - how long will Firefox survive?

g-b-r2y ago

Even without the 45 (2a), displayed in a user-friendly manner could already be interpreted to prevent prominent warnings

j / k navigate · click thread line to collapse

0 comments

g-b-r2y ago

web-browsers shall ensure

JenssonOP2y ago

It is similar to how Chrome displays a warning when you visit some sites. You can visit the site anyway, but you get a warning since Google thinks it is bad.

agwa2y ago

It's not clear that a warning would be allowed. In particular, the new paragraph 45(2a) prohibits mandatory checks on eIDAS certificates.

Mozilla has proposed text[1] that would make clear that the requirement is only to display identity information, but this text has not been adopted.

[1] https://securityriskahead.eu/wp-content/uploads/2023/09/Mozi...

yaris2y ago

g-b-r2y ago

Even without the 45 (2a), displayed in a user-friendly manner could already be interpreted to prevent prominent warnings

j / k navigate · click thread line to collapse