[Cryptography] JSC notifies on introduction of National security certificate from 1 January 2016

[Michael Kjörling]

On 3 Dec 2015 03:44 +0000, from cryptography at dukhovni.org (Viktor Dukhovni):
> My translation:
> 
>     According to the Law network operators are required to implement
>     use of the [national] security certificate for transmission of
>     traffic which employs encryption-capable protocols, with the
>     exception of traffic, encrypted by cryptographic security
>     systems on the territory of the Republic of Kazakhstan.

Can anyone please explain what the exception to the rule is supposed
to mean?

Does it mean that if the computer running the software doing the
encryption is physically located in Kazakhstan, then the "national
security certificate" is not or does not need to be used? If so, then
even if we were to take the "this is for your own protection" argument
at face value, how can this possibly help?

If it means that only systems outside of Kazakhstan need to use the
certificate, then how can that be mandated, given that it would be out
of the Kazakhstan government's jurisdiction?

No matter how I read that exception, I can't figure out what it's
supposed to mean.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)