Kazakhstan introduces its CA to listen to all TLS traffic
The state provider Kazakhtelecom, in connection with the innovations of the Law of the Republic of Kazakhstan "On Communications", intends to listen to all encrypted TLS traffic starting January 1, 2016, replacing the site certificates with a national security certificate issued by the Committee for Communications, Information and Information of the Ministry of Investment and Development of the Republic of Kazakhstan .
So that users do not get scared about the certificate substitution, Kazakhtelecom JSC intends to release detailed step-by-step instructions on how to add it to the key holders on iOS and Android mobile phones and tablets, personal computers and laptops based on Windows and MacOS, in December www.telecom.kz
Apparently, the certificate will be substituted not only for HTTPS connections, but also for other encrypted TLS connections, including FTPS, IMAP and SMTP with TLS.
')
UPD (03/03/2016): Beeline posted news about the need to install a certificate: www.beeline.kz/m/ru/news_items/11669
UPD (06/18/2016): New page from Beeline and Telecom.kz .
So that users do not get scared about the certificate substitution, Kazakhtelecom JSC intends to release detailed step-by-step instructions on how to add it to the key holders on iOS and Android mobile phones and tablets, personal computers and laptops based on Windows and MacOS, in December www.telecom.kz
According to the Law, telecom operators are obliged to pass traffic using protocols that support encryption, using a security certificate, with the exception of traffic encrypted by means of cryptographic information protection in the Republic of Kazakhstan.telecom.kz/news/view/18729 (news removed, link to the archive )
The national security certificate will protect Kazakhstan users when using encrypted access protocols to foreign Internet resources.
According to Nurlan Meirmanov, Managing Director for Innovations of Kazakhtelecom JSC, Internet users need to install a national security certificate that will be available through the Internet resources of Kazakhtelecom JSC. “The user needs to go to the website www.telecom.kz and install this certificate on their Internet access devices, following the step-by-step installation instructions,” N. Meyrmanov emphasized.
Apparently, the certificate will be substituted not only for HTTPS connections, but also for other encrypted TLS connections, including FTPS, IMAP and SMTP with TLS.
')
UPD (03/03/2016): Beeline posted news about the need to install a certificate: www.beeline.kz/m/ru/news_items/11669
In the absence of a certificate installed on your device, sites using encryption using the HTTPS protocol (mail.ru, google, etc.) may not be available.
UPD (06/18/2016): New page from Beeline and Telecom.kz .
Source: https://habr.com/ru/post/272207/
All Articles