Chrome should be able to use eID from all EU states before 01 July 2016
Reported by
andrey.v...@gmail.com,
Mar 7 2016
|
||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS x86_64 7834.52.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Platform: 7834.52.0 (Official Build) beta-channel monroe Steps to reproduce the problem: 1. Login to Chrome OS 2. Plug-in a smartcard reader for eID into USB port 3. Insert eID into a smartcard reader 4. Try to access into any eID compatible (Stork 2.0) sites. What is the expected behavior? You can login into Stork 2.0 sites. What went wrong? 1) eID smartcard reader is not recognized properly. 2) PIN dialog had not appeared 3) Access is abset for EU goverment's sites (Stork 2.0). Did this work before? No Chrome version: 49.0.2623.75 Channel: beta OS Version: 7834.52.0 Flash Version: Shockwave Flash 21.0 r0 There is similar bug for CAC and PIV cards ( Issue 220971 ) which is not solved for three years. I think that this time is critical to change priority. CAC cards user base is circa 6 million in US but eID user base is more then 300 million people across EU. Important: eID (eIDAS - Regulation EU 910/2014 from 23 July 2014) will be mandatory from 1 July 2016. If Chrome can not be able to support eID then Chromebooks would be widthdrawn from EU government, business and education markets. Useful links: 1) https://ec.europa.eu/digital-single-market/en/trust-services-and-eid 2) https://www.eid-stork2.eu/index.php?option=com_phocadownload&view=category&id=8&Itemid=174
,
Mar 16 2016
,
Mar 16 2016
The work being done in Issue 220971 should be sufficient to address this. I do not believe any special action is needed. Note that Regulation EU 910/2014 does not require the use of TLS client certificate authentication by the use of websites. As we've expressed our feedback to the eIDAS Task Force responsible for EU 910/2014, the use of TLS client certificates as a form of authentication is technologically inferior, incompatible with modern web technologies and security standards, and creates a user-and-privacy hostile experience. The developments in the IETF TLS WG further underscore these technical limitations, both in the proposed TLS-LTS but also in the TLS 1.3 work, as does the work in the IETF HTTP WG and the use of HTTP/2 (which is incompatible with client certificates). The value of EU 910/2014 is certainly good for purposes of document signing and electronic signatures, which ChromeOS can support through the use of enterprise extension APIs (e.g. https://developer.chrome.com/extensions/platformKeys ). eID via TLS is thus strongly advised against, as the market does not support such use cases.
,
Mar 17 2016
For now situation is clear for users. You can login with eID on Windows PC and you can not login with eID on Chromebook. It doesn't matter for what reason you can not login on Chrome OS absolutely because ordinary users don't read this thread. I think that the situation can be changed in the following ways: 1) Chromium team can extend their temporary solution for Belgian eID (https://goo.gl/4U88mU) for other countries which are used eID regulary (Estonia, Greece, Italy, Slovak Republic, Slovenia, Spain) 2) A Chromium representative will present eIDAS working solution for eID which is based on technologies that fully compliance with your web security vision.
,
Mar 17 2016
I recommend use those sites for check compatibility of current Chrome solutions for eID: 1) Estonian E-Business Register (https://ettevotjaportaal.rik.ee/index.py?chlang=eng) 2) Slovak Republic Electronic Services (https://portal.minv.sk/wps/wcm/connect/en/site/top/home) 3) Slovenia Business Point (http://eugo.gov.si/en/starting/business-registration/limited-liability-company-doo/)
,
Mar 17 2016
Please prioritize and assign.
,
Nov 10 2016
,
Nov 11 2016
,
Nov 11 2016
,
Aug 23
,
Sep 18
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by mbarbe...@chromium.org
, Mar 8 2016