[Cryptography] JSC notifies on introduction of National security certificate from 1 January 2016
bear at sonic.net
Fri Dec 4 17:52:40 EST 2015
On 12/04/2015 04:00 AM, Michael Kjörling wrote:
> On 3 Dec 2015 03:44 +0000, from cryptography at dukhovni.org (Viktor Dukhovni):
>> My translation:
>> According to the Law network operators are required to implement
>> use of the [national] security certificate for transmission of
>> traffic which employs encryption-capable protocols, with the
>> exception of traffic, encrypted by cryptographic security
>> systems on the territory of the Republic of Kazakhstan.
> Can anyone please explain what the exception to the rule is supposed
> to mean?
> Does it mean that if the computer running the software doing the
> encryption is physically located in Kazakhstan, then the "national
> security certificate" is not or does not need to be used? If so, then
> even if we were to take the "this is for your own protection" argument
> at face value, how can this possibly help?
As I read it, the objective is to monitor the use of *foreign*
Internet services by Kazakh citizens. The drafters of the law
may presume that *domestic* services don't present a foreign
threat to domestic security and are therefore outside some
legal basis that would justify the passage of a law.
Which, honestly, isn't that unreasonable a distinction, although
this type of mandatory-monitoring tool will not help and instead
is likely to put them front and center in a long series of disasters
until they develop a better plan.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the cryptography