
National Certificate in Kazakhstan Is Canceled - tsarka
Over the past two weeks, residents of Nur-Sultan, capital of Kazakhstan, have faced problems with access to the Internet. Officials explained that it was happening because of the new security system&#x27;s testing. It was said to be a part of «Cyber shield of Kazakhstan» which allows to increase the country&#x27;s defense capability and counteract information wars. According to previously received statistics, the authorities managed to inspect a third of all traffic in the Nur-Sultan city.<p>TSARKA assumed the role of a moderator in this situation and it seems that we managed to reach the top management of the country and convey our arguments. From our point of view, the optimal solution has been reached in the course of negotiations with the participants of the process.<p>A few hours ago we were officially informed that the tests were completed, all the tasks set during the pilot were successfully solved. Those who have established the National Certificate may delete it since it will no longer be needed. The need for its installation may arise in cases of strengthening the digital border of Kazakhstan within the framework of special regulations.<p>We don’t know how you guys are, but we breathed a sigh of relief when we heard about this news. Everyone got their own: we got the free Internet, the government got an instrument for fighting digital weapons.<p>P.S. We are especially proud of our role in the process. It was difficult not to fall into a negative point and maintain neutrality, but now we are satisfied with ourselves.
======
pimterry
When you say:

> we got the free Internet, the government got an instrument for fighting
> digital weapons

I'm not sure what this means. What is the instrument the government now has
for fighting digital weapons? Is it the ability to turn this HTTPS
interception back on later?

If so, this doesn't sound like _great_ news. That would mean the government
has stopped intercepting traffic for now, but it reserves the right &
capability to do so again in future whenever it feels like it (I.e. whenever
the internet next contains something Kazakhstan gov doesn't like).

------
steve19
> P.S. We are especially proud of our role in the process. It was difficult
> not to fall into a negative point and maintain neutrality, but now we are
> satisfied with ourselves.

Not sure if the translation has not carried through. Are you staying you are
pleased you did not oppose it because opposing it might have caused to
government to make it permanent?

Sounds like the moment the government needs to crack down on someone they will
flip the switch knowing there won't be any opposition.

I can't help but think if the government were wanting to spread positive
propoganda about these tests, your post is exactly what they would write:
"everyone wins and everyone is happy with our results of MTIMing the entire
country".

~~~
abraae
Indeed, the OP has such a dodgy sound to it. Like a satire of how the regime's
puppets would wriggle out of their situation.

------
solarkraft
> The need for its installation may arise in cases of strengthening the
> digital border of Kazakhstan within the framework of special regulations.

Translation attempt: If deemed necessary, people will be forced to install a
state certificate again.

Assuming that the goal is to be able to break encryption:

\- How do you ensure people will install the certificate?

\- How do you ensure people don't communicate by state-intransparent means,
even with the certificate installed?

I'm guessing heavy, heavy penalties?

~~~
pimterry
> How do you ensure people will install the certificate?

I think the short answer is: your internet won't work until you do.

VPNs out of the country avoid this of course; not clear if they're working to
actively block that.

------
andrey_utkin
What is TSARKA (who are you)?

What you mean you are proud of your role?

What you mean by neutrality other than negativity, when the whole story is
about forced access to everyone's computer to install a backdoor devised by
the government?

~~~
shakna
I think this [0] is TSARKA. I'm a bit vague on what they actually _do_ looking
through the site.

The TSARKA president said something along the lines of:

> [TSARKA] is the first private computer incident response team in Kazakhstan.

So I _think_ they're a IT security contractor, and from other things they seem
to have a leaning towards penetration testing.

[0] [https://tsarka.org/](https://tsarka.org/)

------
Arbalest
I wonder about the "you are now free to delete the certificate". Not everyone
will do this if they aren't tech savvy enough, or don't care. This will mean 2
things 1. Those that don't may still be able to have their traffic intercepted
2. Those that do reject the signing (if the attempt is made) may find
themselves the subject to further investigation.

~~~
yrro
Perhaps OS and browser vendors should push out updates that blacklist the
certificate?

------
betaby
Link to the official statement would definitely help.

~~~
azangru
Does this count (same announcement, but on the site of the org)?
[https://tsarka.org/post/national-certificate-
cancelled](https://tsarka.org/post/national-certificate-cancelled)

~~~
solarkraft
Yep, thanks. Now I have an idea what "We are especially proud of our role in
the process" means.

Since the organisation seems to be posting here officially, instead of jumping
into speculation right away, why don't we try to ask them some questions
first?

------
brudgers
Context, [https://www.zdnet.com/article/kazakhstan-government-is-
now-i...](https://www.zdnet.com/article/kazakhstan-government-is-now-
intercepting-all-https-traffic/)

------
troydavis
Related discussion:
[https://groups.google.com/forum/#!topic/mozilla.dev.security...](https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/wnuKAhACo3E)
(from
[https://news.ycombinator.com/item?id=20638838#20639494](https://news.ycombinator.com/item?id=20638838#20639494))

------
marksomnian
Discussion in mozilla.dev.security.policy (mailing list to discuss TLS
implementation in Firefox/NSS):
[https://groups.google.com/forum/#!topic/mozilla.dev.security...](https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/wnuKAhACo3E)

------
alltakendamned
so, a CERT organisation that is proud of its role in mitm'ing all traffic in
the country ?

Of course, all in the name of fighting the four horsemen of the infocalypse...
(ref.
[https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...](https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse))

You might want to get your moral compass checked.

------
iserlohnmage
I wonder if normal citizens of Kazakhstan can visit HN and report the
situation there.

~~~
trazire
The SSL cert was simply for "bad" data on "trusted" sites. See
[https://en.wikipedia.org/wiki/Internet_censorship_in_Kazakhs...](https://en.wikipedia.org/wiki/Internet_censorship_in_Kazakhstan)

------
GrumpyNl
Why is your name green?

~~~
DanBC
Green names indicate newer accounts.

This is so that established users can provide friendly, helpful, advice and
pointers to features of HN.

~~~
azangru
Thank you; I didn't know that. I thought green color had something to do with
whether the user is the topic starter or not

------
utouq
I misread Karazhan... What the fuck is the Violet Eye up to now...

~~~
charlesdm
Prince Malchezaar should have the answer

