Article 45 of the eIDAS Directive Unveils the need to implement the X.509 4-cornered trust model for the WebPKI

Author First name, Last name, Institution

Ahmad Samer Wazan, Zayed UniversityFollow
Romain Laborde, Université de Toulouse
Abdelmalek Benzekri, Université de Toulouse
Imran Taj, Zayed University

Document Type

Conference Proceeding

Source of Publication

ACM International Conference Proceeding Series

Publication Date

7-30-2024

Abstract

Article 45 of the new eIDAS Directive (eIDAS 2.0) has caused significant debate on the Internet as it gives European governments the power to make EU-certificated web certificates accepted without the approval of web browsers/OS, which are considered to be the current gatekeepers of the WebPKI ecosystem. This paper goes beyond the current debate between the WebPKI gatekeepers and the European Commission (EC) about the implications of Article 45. It shows how both approaches do not provide full protection to web users. We propose a better approach that Europe can follow to regulate web X.509 certificates: Rather than regulating the issuance of web X.509 certificates, the EC can play the role of a validator that recommends the acceptance of certificates at the web scale.

DOI Link

10.1145/3664476.3670900

ISBN

9798400717185

Publisher

ACM

Disciplines

Computer Sciences

Keywords

eIDAS, Risk, Trust, WebPKI, X.509

Scopus ID

85200399379

Recommended Citation

Wazan, Ahmad Samer; Laborde, Romain; Benzekri, Abdelmalek; and Taj, Imran, "Article 45 of the eIDAS Directive Unveils the need to implement the X.509 4-cornered trust model for the WebPKI" (2024). All Works. 6715.
https://zuscholars.zu.ac.ae/works/6715

Indexed in Scopus

yes

Open Access

no