
Budget-song-budget[S]

Extract:

"If a proposal currently before the European Parliament and Council passes, the security of HTTPS in your browser may get a lot worse. A proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS) would have major, adverse security effects on millions of users browsing the web.

The amendment would require browsers to trust third parties designated by the government, without necessary security assurances. But trusting a third party that turns out to be insecure or careless could mean compromising user privacy, leaking personal or financial information, being targeted by malware, or having one’s web traffic snooped on.

What is a CA?

Certificate Authorities (CAs) are trusted notaries which underpin the main transport security model of the Web and other internet services. When you visit an HTTPS site, your browser needs to know that you are communicating with the site you requested, and that trust is ultimately anchored by the CA. CAs issue digital certificates that certify the ownership and authenticity of a public encryption key. The CA verifies that this key does belong to that website. For a certificate to be valid in a browser, it must be signed by a CA. The fundamental duty of the CA is to verify certificate requests submitted to it, and sign only those that it can verify as legitimate.

What is a Root Store?

Operating systems and browsers choose which CAs meet their standards and provide benefits to their users. They store those CAs’ root certificates in their root store. A CA that does not meet these rigid requirements is not allowed in these root stores.