[Cryptography] JSC notifies on introduction of National security certificate from 1 January 2016

Ray Dillinger bear at sonic.net
Fri Dec 4 17:52:40 EST 2015



On 12/04/2015 04:00 AM, Michael Kjörling wrote:
> On 3 Dec 2015 03:44 +0000, from cryptography at dukhovni.org (Viktor Dukhovni):
>> My translation:
>>
>>     According to the Law network operators are required to implement
>>     use of the [national] security certificate for transmission of
>>     traffic which employs encryption-capable protocols, with the
>>     exception of traffic, encrypted by cryptographic security
>>     systems on the territory of the Republic of Kazakhstan.
> 
> Can anyone please explain what the exception to the rule is supposed
> to mean?
> 
> Does it mean that if the computer running the software doing the
> encryption is physically located in Kazakhstan, then the "national
> security certificate" is not or does not need to be used? If so, then
> even if we were to take the "this is for your own protection" argument
> at face value, how can this possibly help?


As I read it, the objective is to monitor the use of *foreign*
Internet services by Kazakh citizens.  The drafters of the law
may presume that *domestic* services don't present a foreign
threat to domestic security and are therefore outside some
legal basis that would justify the passage of a law.

Which, honestly, isn't that unreasonable a distinction, although
this type of mandatory-monitoring tool will not help and instead
is likely to put them front and center in a long series of disasters
until they develop a better plan.

				Bear

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151204/59d84ff8/attachment.sig>


More information about the cryptography mailing list