[perpass] Kazakhstan to MITM all SSL traffic on January 1st, 2016
Yakov Shafranovich <yakov@shaftek.biz> Thu, 03 December 2015 13:43 UTC
Return-Path: <yakov@shaftek.biz>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDBC01A879E for <perpass@ietfa.amsl.com>; Thu, 3 Dec 2015 05:43:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.279
X-Spam-Level:
X-Spam-Status: No, score=-1.279 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SNWZT8elDiQv for <perpass@ietfa.amsl.com>; Thu, 3 Dec 2015 05:43:46 -0800 (PST)
Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D8EB1A8794 for <perpass@ietf.org>; Thu, 3 Dec 2015 05:43:46 -0800 (PST)
Received: by oiww189 with SMTP id w189so48705708oiw.3 for <perpass@ietf.org>; Thu, 03 Dec 2015 05:43:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shaftek-biz.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:content-type :content-transfer-encoding; bh=zjUx8jtRRPZfgXpHJFGCliOF3xzv2SxgwbO3WQThp28=; b=kmaDGlmJa+hCLrrNVF1LfBHnx8Q+8ureSPaTn1kaGmEFBCClbBHUnxeazYEXL3rMSC Yr8on+vhe5IdCe55fZy9SOt0C2q9Qd7gSk/gcdd99QKSnsE4yZe4E/mOy0p1hCTORUzV KfKqJ7uiQp70dVw7p1xKJGnAqplICTad1JpjUY6lxs+O9qiu3Ql6X0QjcyH0cwXSKMbZ 3YXtZ6H5wXTN5mwZhc5BYmdzn3B2lvGRttwjaVycptYZelLN81Igmq/HCSJ25SgtlXCN gl7PZvq4rbczjS7GgG7lZobdWUFvnUsaFz+7JFfnCsYoZfQeImIAMgesCN5fKi9L6OoR zDiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=zjUx8jtRRPZfgXpHJFGCliOF3xzv2SxgwbO3WQThp28=; b=K7lH/qgQ6tKBGvmDADnDAFhjaV9GDXr5GzbhvBG/sjQ67T8fLvQKephmKzkevRCbUl 02NhR691QgWpMVPVKXqljwXUyuneQkLAWAGoCuQ4eSWqpmLrLWMLEQ7945ae5eYX+bWC L+q4NfOboTwnOjKq5Aq1mscYeioMmSZSNopBaoS+W+4pfJb7TinUFcUiubRNGNAKMNHU 1S2KR+ueVu8Ann7nLSQJqFSFpwHJMX4VzEzslnzA2UQ+MFE1OKY4uWi5LRig6WBDVkuM a9+LEn2H5kGR8qHKJrLsN2AWrspPPHej+rSxvlHIQ7g7AF8CT2DMlDGtmJXbPWEuX+N+ JGTA==
X-Gm-Message-State: ALoCoQltyYrN4/KesxFEB6yt2uJtqedU6/NpXu7pfXN5ZTj/cqE47fD/KvL1pwdnvXRyA5C4YhCl
X-Received: by 10.202.205.146 with SMTP id d140mr7330731oig.1.1449150225865; Thu, 03 Dec 2015 05:43:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.202.91.9 with HTTP; Thu, 3 Dec 2015 05:43:02 -0800 (PST)
X-Originating-IP: [108.15.50.95]
From: Yakov Shafranovich <yakov@shaftek.biz>
Date: Thu, 03 Dec 2015 08:43:02 -0500
Message-ID: <CAF5Urx8A6KAeWqmV6Abn79nPGeUsiJb-puKid7kDzTPrO-PKVg@mail.gmail.com>
To: perpass@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/FormT3p85UREp1l5o4IbVQK1vwg>
Subject: [perpass] Kazakhstan to MITM all SSL traffic on January 1st, 2016
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2015 13:45:59 -0000
This is being done via a "national" SSL certificate. Original post has been taken down, archived version here: https://web.archive.org/web/20151202203337/http://telecom.kz/en/news/view/18729 Hacker News: https://news.ycombinator.com/item?id=10663843 Text: ----- Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016 >From 1 January 2016 pursuant to the Law of the Republic of Kazakhstan «On communication» Committee on Communication, Informatization and Information, Ministry for investments and development of the Republic of Kazakhstan introduces the national security certificate for Internet users. According to the Law telecom operators are obliged to perform traffic pass with using protocols, that support coding using security certificate, except traffic, coded by means of cryptographic information protection on the territory of the Republic of Kazakhstan. The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources. By words of Nurlan Meirmanov, Managing director on innovations of Kazakhtelecom JSC, Internet users shall install national security certificate, which will be available through Kazakhtelecom JSC internet resources. «User shall enter the site www.telecom.kz and install this certificate following step by step installation instructions”- underlined N.Meirmanov. Kazakhtelecom JSC pays special attention that installation of security certificate can be performed from each device of a subscriber, from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS). Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz. PR department Kazakhtelecom JSC 30.11.2015 -----
- [perpass] Kazakhstan to MITM all SSL traffic on J… Yakov Shafranovich
- Re: [perpass] Kazakhstan to MITM all SSL traffic … Eric Burger
- Re: [perpass] Kazakhstan to MITM all SSL traffic … Leif Johansson