With the deal struck at the last minute, Brexit is officially done. In the deal, however, are some… odd aspects, including mentions of Netscape Navigator.
The mention occurs in the regulations around encryption, which are notably outdated: they include SHA-1 (which was broken in 2017) and 1024-bit RSA encryption, which is vulnerable to brute-force attacks.
The language appears to come from a 2008 EU document, which seems to indicate that old text was recycled.
Why do we care?
So here is how regulation is often done – like any document, a healthy bit of cut and paste. You need an encryption piece? Borrow it from the last time we needed an encryption piece.
We care because of the example this highlights – you need to track, and give input on, regulation affecting the industry, because left to their own devices, lawmakers simply aren’t expert enough to write it correctly. I don’t believe including Netscape Navigator is a huge issue… but now we know the encryption standards set by law aren’t right, and you CAN deliver subpar and insecure software now legally in this context.
Source: The Verge