And Eric Rescorla (CTO of Firefox) just published this fantastic writeup about #eIDAS, the EU's attempt to legislate that browsers *must* trust certain root certificates that issue #QWAC certs, a specific kind of EV cert. It also starts with a great overview of the whole #WebPKI system, in order to set up the argument that eIDAS is Bad for the Internet.

https://educatedguesswork.org/posts/eidas-article45/

It goes on to propose alternate designs that achieve the EU's goals without compromising trust. Well worth a read!