Re: Never understood certs
Digital certificates and TLS/HTTPS offer two benefits.
1. Traffic is encrypted between yourself and the web server. Only the web server can read your input and only your browser can read the result.
2. Both the client and server are authenticated to each other. This means that if you connect to "https://example.com" then you can be certain that you are in fact connecting to the web server owned by the owner of "example.com" and not some random interloper (a banking site impersonator?) which is intercepting your traffic. This matters, especially for financial sites, which, let's face it, is almost everything nowadays.
For this trust to work, you must be able to trust the "root certificate authority (CA) server". Provided the root CA server is trusted, then all other CAs and certificates down the chain are trustworthy by design.
This is why it is so important that internet software companies, and end users, are able to remove trust from ANY CA server if it is found to be compromised.
The proposed EU law prevents this, making it impossible to trust certificates, and therefore impossible to trust anything on the internet.
Last time I looked, at least one EU member was not a true democracy, and another EU member has only just had democracy restored. You cannot trust a state just because it is a member of the EU.
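
The point made in this post, that every certificate below a root CA stands or falls with trust in that root, shown with the openssl CLI. This is an added example, not part of the original post; the CA names, keys and the example.com leaf are throwaway values constructed for the demo.

```shell
#!/bin/sh
# Added example. Every name, key and certificate here is constructed for the demo.

# Build root -> intermediate -> leaf, plus an unrelated second root, in dir $1.
build_chain() {
  d=$1
  mkdir -p "$d/nopath"                      # empty CApath: ignore system roots
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  # Two self-signed roots: the one we will distrust, and one that stays trusted.
  for r in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo $r CA" \
      -keyout "$d/$r.key" -out "$d/$r.pem" 2>/dev/null || return 1
  done
  # Intermediate CA, signed by the demo root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null || return 1
  # Leaf for example.com, signed by the intermediate.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.com" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# Verify the unchanged leaf + intermediate against trust store file $2.
verify_leaf() {
  openssl verify -CAfile "$2" -CApath "$1/nopath" \
    -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
}

D=$(mktemp -d) && build_chain "$D"
cat "$D/root.pem" "$D/other.pem" > "$D/store_before.pem"  # demo root trusted
cp "$D/other.pem" "$D/store_after.pem"                    # demo root removed
verify_leaf "$D" "$D/store_before.pem" && echo "root trusted:  chain verifies"
verify_leaf "$D" "$D/store_after.pem"  || echo "root removed:  chain rejected"
```

The leaf and intermediate files are byte-identical in both checks; only the contents of the trust store changed.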