Re: [perpass] Kazakhstan to MITM all SSL traffic on January 1st, 2016

Eric Burger <eburger@standardstrack.com> Fri, 04 December 2015 02:12 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/v2TvMElnLUydmrGZtEd6x2UZZ1Q>

Government mandated front door for their citizens’ “protection.”

Is this the impetus to fix the root certificate problem? This ‘solution’ is 100% IETF compatible and compliant (!).

> On Dec 3, 2015, at 8:43 AM, Yakov Shafranovich <yakov@shaftek.biz> wrote:
> 
> This is being done via a "national" SSL certificate.
> 
> Original post has been taken down, archived version here:
> https://web.archive.org/web/20151202203337/http://telecom.kz/en/news/view/18729
> 
> Hacker News:
> https://news.ycombinator.com/item?id=10663843
> 
> Text:
> -----
> Kazakhtelecom JSC notifies on introduction of National security
> certificate from 1 January 2016
> 
> From 1 January 2016 pursuant to the Law of the Republic of Kazakhstan
> «On communication» Committee on Communication, Informatization and
> Information, Ministry for investments and development of the Republic
> of Kazakhstan introduces the national security certificate for
> Internet users.
> 
> According to the Law telecom operators are obliged to perform traffic
> pass with using protocols, that support coding using security
> certificate, except traffic, coded by means of cryptographic
> information protection on the territory of the Republic of Kazakhstan.
> 
> The national security certificate will secure protection of Kazakhstan
> users when using coded access protocols to foreign Internet resources.
> 
> By words of Nurlan Meirmanov, Managing director on innovations of
> Kazakhtelecom JSC, Internet users shall install national security
> certificate, which will be available through Kazakhtelecom JSC
> internet resources. «User shall enter the site www.telecom.kz and
> install this certificate following step by step installation
> instructions» - underlined N.Meirmanov.
> 
> Kazakhtelecom JSC pays special attention that installation of security
> certificate can be performed from each device of a subscriber, from
> which Internet access will be performed (mobile telephones and tabs on
> base of iOS/Android, PC and notebooks on base of Windows/MacOS).
> 
> Detailed instructions for installation of security certificate will be
> placed in December 2015 on site www.telecom.kz.
> 
> PR department
> Kazakhtelecom JSC
> 
> 30.11.2015
> -----