1. RE "recent eIDAS & GDPR misimplementation chaos started"1.1 misimplementation means an instance of applying something incorrectly1.1.1 instance means a data object that Telia's affiliates - SK ID Solutions (formerly AS Sertifitseerimeskeskus) together with its RA - Omnitel (legal name - AB Telia Lietuva) have been issuing to the public as "qualified certificate" (QS).1.1.2 something means "Qualified certificate" - a complex data structure that was initially defined in directive 1999/93/EC. For clarity, the QS in 1.1.1 (which is incompatible with the directive) is called surrogate QS.1.1.3 Worth mentioning also evaluation of legality of surrogate QS by:a) the Data Protection Authority (legal name Valstybinė duomenų apsaugos inspekcija - VDAI) ordered Omnitel to stop issuing surrogate QSs. This order is still ignored (how and why can be discussed separately);b) the Supreme administrative court which ruled that surrogate QS violates the Data protection law (an implementation of directive 95/46/EC, now regulation 2016/679 - GDPR). This is also ignored (how and why can be discussed separately).See case translation here: https://journals.sas.ac.uk/deeslr/article/download/2142/2072/1.1.4 based on the above, misimplementation of directive 1999/93/EC means incorrect application of Article 2 (10) (and Article 8 and Annex I). For technical details see the surrogate QC profiles here: https://www.skidsolutions.eu/en/repository/CPS/1.1.5 the regulation 910/2014 (eIDAS) enhances and expands the acquis of Directive 1999/93/EB - its transitional measure (Article 51 (2)) provision the conditions for the recognition of QSs (issued according to directive 1999/93/EC) as qualified electronic signature certificates (QESC) under eIDAS.1.1.6 the fact that SK ID Solutions together with its unaudited RA - AB Telia Lietuva:a) within transitional period issued surrogate QSs only, means incorrect application of eIDAS Article 51;b) after transitional period have been issuing surrogate QSs only, means incorrect application of eIDAS Article 28 (1) - (3).1.1.7 based on the above, misimplementation of eIDAS means incorrect application of Article 5, 28 (1) - (2) and 51 (2).1.2 chaos means complete confusion and disorder1.2.1 when surrogate QCs are accepted as QESCs, it is confusion.1.2.2 eIDAS has at least three directly applicable mechanisms to prevent issuing surrogate QCs, but none of them worked as expected (disorder):a) TSP audit by CAB - surrogate QCs were accepted;b) TSP "qualified service" assessment by the Supervisory body - surrogate QCs were accepted;c) Trust list management by the Scheme operator under the Commission implementing decision 2015/1505 - surrogate QCs were accepted.2. RE "This sounds like you're specifically referring to actions taken by Telia Company AB"Correct. Telia Company AB is the driving force of an ”organized group”, wherea) The Swedish government creates "favorable conditions" in the countries of Telia Company AB's business operation (at least easy access to local governments is guaranteed);b) The Telia Company AB management partners with local governments so that the doors of relevant institutions (agencies) are open to its local affiliate (remember "What's good for General Motors is good for the country"?)https://m.facebook.com/story.php?story_fbid=10156465065383408&id=96251623407&m_entstream_source=video_home&player_suborigin=entry_point&player_format=permalinkc) The Telia Company AB affiliate develops "special relationship" with the institutions so that at least supervision of its business is completely "switched off", this includes lobbying any desired legislation (surrogate QC is "locally legitimazed" despite of competing with other national laws and EU directives and regulations.I must apologize for this schematic/simplified response covering 20+ years of Telia Company AB's business practices in Baltics.If you google "Telia + corruption", almost all information will be about Telia Company AB's (formerly TeliaSonera AB) "achievements" in teleco markets, this is partly because of:- its huge propaganda machine on mass media and social networks;- private embassy in Brussels, e. g. see https://www.linkedin.com/posts/skaitmeninio-sertifikavimo-centras_why-we-have-the-eidas-gdpr-misimplementation-activity-6747690541766504448-iYsc- naturally invisible/hard to understand trust services.Please let me know if you need more info or have any questions - the information above is backed by publicly acessible evidence material from official sources.Thanks,M.D.Sent from my Galaxy -------- Original message --------From: Moudrick Dadashov <[email protected]> Date: 12/30/21 17:34 (GMT+02:00) To: [email protected] Cc: "[email protected]" <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Subject: Re: FW: RE: Public Discussion: Inclusion of Telia Root CA v2 Sure, Ryan, allow me 2-3 days as I’m fully booked by my grandchildren :)Thanks,M.D.On Thu, Dec 30, 2021, 06:00 Ryan Sleevi <[email protected]> wrote:On Wed, Dec 29, 2021 at 9:33 AM Moudrick M. Dadashov <[email protected]> wrote:If approved, this request will create a precedent of ”do like Telia” - a practice that is widely used by Telia Company AB and its affiliates in the trust services markets under eIDAS. That’s how the recent eIDAS & GDPR misimplementation chaos started.I suggest this request be approved after the conversion of corporate relationships into clearly identified, disclosed and audited specific PKI participant roles.Moudrick,For those following, could you share more precise details (e.g. references to news articles or other discussions) about the "recent eIDAS & GDPR misimplementation chaos started"? This sounds like you're specifically referring to actions taken by Telia Company AB, and perhaps some more context/references would help understand your concern.
-- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAMMZRrw30kcstFoUBKZBKtcDC_YYqkAr8BPBobdz44%3D9NwsnjQ%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/61d3266c.1c69fb81.50483.f2f8SMTPIN_ADDED_MISSING%40mx.google.com.
