This article was reviewed by member(s) of WikiProject Articles for creation. The project works to allow users to contribute quality articles and media files to the encyclopedia and track their progress as they are developed. To participate, please visit the
project page for more information.Articles for creationWikipedia:WikiProject Articles for creationTemplate:WikiProject Articles for creationAfC articles
This article is within the scope of WikiProject Europe, an effort to build a comprehensive and detailed guide to
European topics of a cross-border nature on Wikipedia.EuropeWikipedia:WikiProject EuropeTemplate:WikiProject EuropeEurope articles
This article is within the scope of WikiProject Law, an attempt at providing a comprehensive, standardised, pan-jurisdictional and up-to-date resource for the
legal field and the subjects encompassed by it.LawWikipedia:WikiProject LawTemplate:WikiProject Lawlaw articles
This article is within the scope of WikiProject European Union, a collaborative effort to improve the coverage of the
European Union on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.European UnionWikipedia:WikiProject European UnionTemplate:WikiProject European UnionEuropean Union articles
This article is part of WikiProject Electronics, an attempt to provide a standard approach to writing articles about
electronics on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the
project page, where you can join the project and see a list of open tasks. Leave messages at the
project talk pageElectronicsWikipedia:WikiProject ElectronicsTemplate:WikiProject Electronicselectronic articles
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of
computers,
computing, and
information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
This article is within the scope of WikiProject Technology, a collaborative effort to improve the coverage of
technology on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.TechnologyWikipedia:WikiProject TechnologyTemplate:WikiProject TechnologyTechnology articles
For
legal reasons, we cannot accept
copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, and, if allowed under
fair use, may copy sentences and phrases, provided they are included in quotation marks and
referenced properly. The material may also be rewritten, providing it does not infringe on the copyright of the original orplagiarize from that source. Therefore, such paraphrased portions must provide their source. Please see our
guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be
blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you.
/wiae/tlk 18:01, 7 April 2016 (UTC)reply
References
A couple of days ago, some of the references in the eIDAS article where removed by an anonymous user with the justification that they were "SPAM". I strongly support the movement of keeping Wikipedia free of spam. However I had to undo the activity as it was not justified. Let me defend the notability of the authors quoted in the following.
The first reference deleted as spam was by Jens Bender from Fraunhofer Institute, one of Germany's most renowned research institutes. The source was published on www.Bund.de, which is the public portal of Germany's Federal Administration. The source was critically evaluating opportunities and risks and helped to bring the article away from wiktionary kind of explanation towards an evaluating essay.
Also Ashiq J.A. is known to many security experts. His tweets on #infosec have more than 800 followers (
https://twitter.com/AshiqJA). Mr Ashiq is security evangelist within the U.A.E government and brought a valuable outside perspective. Then there were quotes by Mrs Dawn Turner. I like her posts and regularly quote her as she creates the bigger picture, sets into context and explains. Especially when talking about the intersection of information security and law, this helps a lot.
Additional sources will help to enhance. But please avoid destructive steps that would harm the credibility of the article. Discussions in the talk section would be the most fruitful. I like those discussions like in the talk of the
Beatles entry. They help sharpening and improving the article. And please do not work anonymously.
ScienceGuard (
talk) 08:07, 14 December 2016 (UTC)reply
Data-Security and eIDAS
Increasingly I follow discussions on the security of eIDAS. I.e. the risk that centralized trust-service-providers could be tempted to breach data security laws and misuse data as they have an overall insight into transactions, participating agents (nodes) their relationships (edges). Governments (or Espionage agencies and hackers) would get easy access to a network of relationships which can be maliciously exploited. I know that ETSI is continuously working on additional standards helping to secure the data and to better specify eIDAS. But I did not find any notable source so far that allows to discuss this in the article.
Please contribute!
ScienceGuard (
talk) 08:13, 14 December 2016 (UTC)reply
You were prescient. Seven years later, the EU is expanding the law to enable exactly that. There weren't reliable sources then, but there certainly are a lot clamoring about it now.
DenverCoder19 (
talk) 16:39, 4 November 2023 (UTC)reply
eIDAS 1.0 and 2.0 separate
Should the 1st and 2nd versions of the law be separate articles or single ones?
DenverCoder9 (
talk) 15:37, 4 November 2023 (UTC)reply
Article 45
A significant proportion of publications covering the law specifically examine Article 45, so I've put more weight to it, since this seems to be the most historically significant provision of the law.
DenverCoder19 (
talk) 16:21, 4 November 2023 (UTC)reply
MITM Section inaccuracy
The section "Man-in-the-middle attacks and mass surveillance" has a very negative tone. It also states various factually incorrect statements and fearmongering. I have problems with the following:
- The term "EU Government". This sounds like the EU as a organization will be able to read, decrypt and perhaps re-encrypt HTTPS traffic, when it is in fact the national government that would be able do that.
- The mentions about the EU being able to "hack into any internet-enabled device" is too extreme and unsubstantiated with the sources provided. While yes, internet traffic could theoretically be intercepted and decrypted, that alone wouldn't allow "the EU" to "hack any internet-enabled device".
For this I am marking this section as disputed.
Creekie (
talk) 10:41, 9 November 2023 (UTC)reply
"Any EU government" refers unequivocally to any government in the EU. It's plural. This might be an American-European English split. In American English, "government" generally refers to the public sector as a whole, not the parliament or cabinet.
Yes, in fact it would allow any EU government to hack into the communications of any internet-enabled device. As long as a device is controlled by the internet, the packets can be intercepted and modified, as stated in the source.
DenverCoder19 (
talk) 01:23, 24 November 2023 (UTC)reply
The purpose of Qualified Web Authentication Certificates (QWACs) is to enhance the security and transparency of the Internet as trusted services. QWACs do not restrict browsers own security policies, especially as Article 45 of the Identity Regulation leaves it up to them to maintain their own procedures and criteria in order to maintain and preserve the privacy of online communication using encryption and other proven methods.
Recital 65 establishes that, for the purpose of enhancing online security for end-users, "providers of web browsers should, in exceptional circumstances, be able to take precautionary measures that are both necessary and proportionate in response to substantiated concerns regarding security breaches or the loss of integrity of an identified certificate or set of certificates."
QWACs enable website identification at a high level of assurance, attesting the link between the website domain name and the natural or legal person to whom the certificate is issued, and confirming the identity of that person. Providers of web-browsers should then display the certified identity data and the other attested attributes to the end-user in a user-friendly manner in the browser environment.
158.169.40.25 (
talk) 09:07, 9 April 2024 (UTC)reply
MITM Qualification
A user added "While the main language of that text..." If I'm reading this correctly, it suggests that web browsers will be able to detect a MITM. However, they will still be able to perform the MITM, which is what a wide range of organizations were concerned about.
Is there a third-party source that analyzes this assertion? The source appears to be a single organization and not a secondary source.
DenverCoder19 (
talk) 01:48, 2 December 2023 (UTC)reply
QWAC issuers will have to undergo constant monitoring by their auditors in addition to annual audits, plus annual evaluation by an independent Conformity Assessment Body, as well as monitoring and approval by a national Supervisory Body. It is difficult to imagine how in this scenario the use of QWACS should facilitate an undetected MITM attack. Please refer to the detailed statement elaborated by the European Signature Dialogue to correct misinformation on the topic.
(4) Post | LinkedIn158.169.40.25 (
talk) 09:08, 9 April 2024 (UTC)reply