
Indian ISP won’t let its users use strong encryption - devnonymous
https://www.privateinternetaccess.com/blog/2017/07/indian-isp-wont-let-users-use-128-bit-256-bit-encryption/
======
ZiiS
So wrap your good encryption in another layer of 40bit encryption. If they
call you on it you can prove conclusively that 40bit encryption doesn't work.

------
tangoalpha
You broadband is one of the best ISPs in India. Probably after ACT. One of the
first companies to invest in fiber optic cable and changed the internet
landscape in India.

This screen shot came up in r/india a few days ago. They aren't really
enforcing any such caps on encryption. It's a case of an outdated TOS, which
was more likely a copy-paste job, where neither the copywriter nor the one who
approved it, had no idea of what they are talking about.

------
eklavya
Used You Broadband a few years ago. Awesome service. Had no problems
whatsoever with the level of encryption of anything. This is most probably an
outdated law requiring them to have this clause. I am pretty sure banking
rules and regulations require a much stronger encryption. So the law is at
odds with itself :/

~~~
devnonymous
The interesting bit is...

> ...the Department of Telecommunications, to forbid individuals, groups, and
> organizations from using encryption with keys stronger than 40 bits _without
> permission_. Instead of asking the regulators for this permission to allow
> its users to actually utilize viable encryption key lengths without
> violating the user policy, YOU Broadband has elected to pass on the 15 year
> old rule on encryption – essentially making the use of encryption online
> against the rules of the ISP and a potential reason to lose service.

------
londons_explore
Can't really complain at an ISP who requires (but doesn't technically enforce)
their customers to meet the local law...

~~~
vidarh
Of course one can complain. The way I read the article, they've used them as
an example because of their size, and to make it concrete. Putting pressure on
ISPs gives ISPs a reason to put pressure on government.

------
0x006A
So you can not access any site that uses TLS?

~~~
devnonymous
You can, but you're in breach of contract and they can disconnect you anytime
based on this. Furthermore you may lose any other rights as a consumer due to
this.

~~~
e12e
This is crazy. Might be time to revist "chaffing" and see if it's possible to
warp that into working as vpn and/or tls/ssl wrapper/replacement? (Or of
course, due the usual thing and work politically to get crazy legislation off
the books....).

[https://people.csail.mit.edu/rivest/Chaffing.txt](https://people.csail.mit.edu/rivest/Chaffing.txt)

