Kazakhstan to MitM all HTTPS traffic starting Jan 1 (telecom.kz)
803 points by out_of_protocol 780 days ago | 361 comments

Kazakh here. Fuck, what do we do? Any suggestions other than trying to raise awareness?

To give some context, the reason why they are getting away with such brute methods is that most people wouldn't understand the full implication. I would be surprised if this would prove difficult to enforce - the first thing an ordinary person would do when, say, Facebook wouldn't load is to call up Kazakhtelecom's support, and the support guy would tell them to "press that button that says 'I trust this certificate'" and they would comply. There also hasn't been an uproar re government snooping into private citizens' communication, the kind that the US had with Snowden etc., so a lot of people are likely to accept the "for your own security" talk at face value without much skepticism. It's also unlikely that even heightened awareness will inspire much backlash, as there is no real track record of grassroots organizing, even when the government tightens the screws. To its credit, the government has been quite skillful at balancing just below the limit of pissing people off enough to make them go to the streets for the last twenty years (soaring oil prices in the last decade helped as well).

What do you do? You immediately reach out to Apple, Google, Facebook, Twitter, Box, Dropbox, Tumblr, and any other popular platform which has mobile apps. You ask, or downright demand, that they implement certificate pinning in their apps so they will fail when middled with the government-provided certificate. This will in turn break access to those platforms via mobile apps, which will result in very real and direct impact to citizens, who will then hopefully wake up and pressure the government to roll back the program or at least put exceptions in place. You continue this strategy with banks, etc., until it becomes clear to the government that this plan will not work. Note that cert pinning for mobile and desktop apps should have happened long ago & this might be the perfect opportunity to drive it to happen.

Downright demand? With what authority? It sounds like you're confusing these corporations for governments, as if they had to enforce your human rights.

The authority of the free market. Did web PKI develop because of governments? No. In fact, quite the contrary. Similarly, if consumers are educated and aware of the weaknesses of current cryptography controls in light of new threats such as governments requiring the installation of their own root CA so they can middle the connection, maybe they'll drive demand for better controls, controls which already exist.

> The authority of the free market

That only works in some areas of the world, where (a) there is a somewhat free market and (b) the free-market idea exists in the first place.

As always, like in Perl, there are other ways of doing things; free market is not a universal law.

Consumers want their kitten videos. They would only view the dialog as an error message, something to get rid of.

Authority is a self-made concept, and governments are just a type of corporation. Of course neither "has" to enforce your human rights, but if these corporations stood up for the people it would be good for everyone involved.

Rights exist; they cannot be enforced, they can only be violated.

Demand as in "do it or I'll vote with my feet".

Are you suggesting governments "have to" "enforce your human rights"? Wouldn't that imply not monitoring everyone?

Certificate pinning does not work with certificates that are installed in the device's trusted certificate store.

Certificate pinning is absolutely targeted at stopping the use of rogue root CAs installed in devices. OWASP does a pretty good job of covering the topic.


You just linked to 20 screenfuls of text that explain pinning in general, without a single mention of "rogue".

The fact is that pinning as implemented in Chrome exempts installed CAs from pinning checks because they want to allow administrator-mandated MITM - apparently a "market requirement" because it's a common practice in schools and workplaces in some countries that lack reasonable communications privacy legislation.

Of course a system misbehaves if you use an (intentionally) broken application. That's a Google Chrome issue and not an issue with pinning.

You might have a point if Chrome hadn't been the first browser to implement pinning, therefore defining the concept in web context to a large extent.

You may argue that this is broken behaviour, but that's what pinning currently is in browsers. Seems it's this way in Firefox too ("pinning not enforced if the trust anchor is a user inserted CA, default" - https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinn...)

Apps can certificate pin in 2 ways. One, they can directly inspect the certificate fingerprint and pin to a specific fingerprint (I chose this method for Level Money's product).

The other option is to examine and pin the signing certificate. This is more code and more prone to error, but makes your connection slightly more robust in the face of a compromised certificate.

And yes, both techniques work even if a cert in your root store has another certificate. Applications can simply refuse to function, but this has to be done on an ad hoc basis.
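Both methods from the comment above, as an added example that is not code from the thread or from any project mentioned in it. The program mints in memory a legitimate CA and leaf for a constructed hostname (api.example.com, "Example Corp Issuing CA" are assumptions) and a second chain minted by an interposing "National Security Certificate" CA for the same hostname, then shows that the OS trust store accepts the interposed chain once the rogue root is installed while both pin checks, which never consult the trust store, reject it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // serial counter for the constructed in-memory certificates
// mustCert builds a self-signed CA (parent == nil) or a cert signed by parent.
func mustCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiPin is the base64 SHA-256 of the SubjectPublicKeyInfo (the HPKP pin form).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPins runs on the chain the server presented and never consults the OS trust
// store, so a root a user or telco installed cannot satisfy it. pinIssuer=false is
// method one (pin the leaf key); pinIssuer=true is method two (pin the signer's key).
func checkPins(chain []*x509.Certificate, pinIssuer bool, pins map[string]bool) error {
	if len(chain) == 0 || (pinIssuer && len(chain) < 2) {
		return fmt.Errorf("chain too short for pin check")
	}
	target := chain[0]
	if pinIssuer {
		// the pinned issuer must actually have signed the leaf, not merely be in the list
		if err := chain[0].CheckSignatureFrom(chain[1]); err != nil {
			return fmt.Errorf("leaf not signed by presented issuer: %w", err)
		}
		target = chain[1]
	}
	if !pins[spkiPin(target)] {
		return fmt.Errorf("pin mismatch for %q", target.Subject.CommonName)
	}
	return nil
}

// Demo mints a legitimate chain and an interposed "National Security Certificate"
// chain for the same constructed host and reports what store and pins decide.
func Demo() map[string]bool {
	const host = "api.example.com"
	realCA, realKey := mustCert("Example Corp Issuing CA", true, nil, nil)
	realLeaf, _ := mustCert(host, false, realCA, realKey)
	rogueCA, rogueKey := mustCert("National Security Certificate", true, nil, nil)
	rogueLeaf, _ := mustCert(host, false, rogueCA, rogueKey)
	roots := x509.NewCertPool() // the victim's store once the telco root is installed
	roots.AddCert(rogueCA)
	_, storeErr := rogueLeaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	leafPins := map[string]bool{spkiPin(realLeaf): true}
	issuerPins := map[string]bool{spkiPin(realCA): true}
	legit := []*x509.Certificate{realLeaf, realCA}
	mitm := []*x509.Certificate{rogueLeaf, rogueCA}
	return map[string]bool{
		"store_accepts_mitm":      storeErr == nil,
		"legit_passes_leaf_pin":   checkPins(legit, false, leafPins) == nil,
		"legit_passes_issuer_pin": checkPins(legit, true, issuerPins) == nil,
		"mitm_fails_leaf_pin":     checkPins(mitm, false, leafPins) != nil,
		"mitm_fails_issuer_pin":   checkPins(mitm, true, issuerPins) != nil,
	}
}

func main() {
	fmt.Println(Demo())
}
```

A real app runs checkPins in its TLS verification callback after the normal chain check, with a backup pin in the map so a key rotation does not lock users out.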

He's talking about mobile apps pinning the backend certificates, not HPKP.

You are confused. This is exactly what pinning defends against.

Sorry, no:

    Chrome does not perform pin validation when the
    certificate chain chains up to a private trust anchor.
    A key result of this policy is that private trust
    anchors can be used to proxy (or MITM) connections,
    even to pinned sites.
-- https://www.chromium.org/Home/chromium-security/security-faq...

How does "Chrome does not perform pin validation" translate to "This is not what pinning defends against"?

The fact that Chrome ships with a broken implementation does not imply the concept is broken.

You are right of course, but there are apparently a whole lot of people of the opinion that since Chrome was (one of the?) first apps implementing some sort of pinning, that this is de facto what certificate pinning "is".

I don't really agree with that, but it's IMO more useful to acknowledge the confusion, than having an argument about whether Chrome really does pinning or even gets to de facto define pinning or not, since this isn't even about Chrome :)

I get your point. The notion of designating a broken implementation as "the standard" makes me queasy, ever since IE6 happened.

But still, I would have much preferred if the GP would have started their comment with "yes, but" instead of "sorry, no". That would have made the distinction much clearer.

How would the telco get their Private Trust Anchor into the certificate store? More social engineering, I suppose. At the app level though, a chain resolution like what you describe is not required.

They will be telling citizens to install a "national security certificate". After they implement this, you won't be able to access the internet without it.

I'll give you a hint: they run customs.

Wuh? Why not just ask the user to insert the cert?

They COULD do that but they almost certainly aren't doing that. That's a tedious task that requires a lot of time and technically competent employees.

Also we are talking about apps implementing certificate pinning. Not reading from the OS store etc., and therefore, I don't see Kazakhstan reverse engineering and patching executables.

Why the hell doesn't Chrome have its own root cert store by now anyway? I can't believe they are leaving such an important trust piece to Microsoft's Windows...

I don't think you understand how certificate pinning works then. Many apps right now allow local trust stores, but with this announcement I bet that'll change.

    > most people wouldn't understand the full implication
So attack that. Tell a story. What does this allow the government to do? Could a jealous ex-lover who works for the government read their ex's messages? Could the local mayor find out if you've got a medical problem? Get an illustrator to draw these up as little comics. Make images that people can understand.

This is a great example: http://www.wordstream.com/images/what-is-net-neutrality-isp-...

Keep the government out of our dick pics!

John Oliver: Government Surveillance https://youtu.be/XEVlyP4_11M?t=1518

Keep our dick pics out of government databases, you mean? I never took a dick pic which included governmental staff, but maybe I'm weird like that...

Ha! This is great. Might consider putting together something similar. Thanks.

Thanks. That's a solid idea.

I created the above image. Just to give you an idea of how important it is to make sure that the message is easy to absorb, a few years ago this made it into the WCIT leaks:


Check out the fifth to last page, which is basically identical to what I created, if presented a bit worse. Did anyone give a shit? Nope.

Is that a genuine logo of the fucking ITU, the international body probably most obliged to prevent this kind of shit globally, and was this put together by a "senior staff member of the ITU" rather than /u/quink on reddit? Yup.

Did anything of that presentation make it to the media or public discussion? Nope. Meanwhile, my PNG has been posted here on HN 6 years after I first created it.

Let me know if you need my help, but I'm not at all sure how to best broadcast that message. Keeping away the MITM (who is here employed by an "elected" government with executive powers and "judicial oversight" acting "in the interest of public security" rather than a bogeyman or a corporation) is harder than protecting the ability to consume. Maybe the answer lies in making people afraid for their money.

Anyone with access to the private key for the certificate, which includes anyone with access to the multitude of servers that relay traffic for the entire country, could technically drain everyone's bank accounts and give away your shares at their discretion, if you've ever used online banking or trading in Kazakhstan. A single bad memory or whatever bug in some software somewhere and the number that's the private key is in the open.

In all honesty, make investors and bankers afraid and any government will shut up. As for ordinary lives of people, PRISM has shown us that they don't really care about this security stuff.

Thanks so much for your offer to help - as soon as I figure out the best course of action I might contact you. The fact that they took the page down gives some hope - maybe they're not as reckless and understand that the public won't be happy about this. We'll see what happens next.

> In all honesty, make investors and bankers afraid and any government will shut up.

This is a great idea in general, but it requires a strong corporate/investor establishment that is independent from the government. Unfortunately and unsurprisingly, 90% of the Kazakh Forbes list are either 1) straight up politicians, 2) politicians' close relatives (offspring and in-laws), 3) those, whose involvement with government is "open secret" (e.g. someone rumored as being a president's personal banker), or 4) those doing in oil and gas, heavily regulated industries where government's cooperation is required to make it work. :(

Anyways, thanks for all the insight!

>Kazakh here. Fuck, what do we do? Any suggestions other than trying to raise awareness?

Revolution or leaving the country are your only choices. There is no democracy so there is probably no way to resolve this grievance, and I doubt it would be anywhere near the top of list for most citizens.

You can speak English and probably have computer skills, so I hope it would be possible for you to get out.

> There is no democracy so there is probably no way to resolve this grievance

Just for the record, look to the US for a good example of how well democracy works for "resolving grievances".

Occupy Wall Street protesters aired some grievances, and were beaten and tased into submission. The same happens anywhere, every time the citizenry actually demands something.

It's kind of amazing how people still hold democracy as some sort of 'value' to strive for, when in reality it's just a PR-facade.

Beaten into submission? Maybe they tried that, but eventually what worked was that they were legislated into submission. They found some technicality for why they couldn't legally occupy that space, and everything went downhill fast after that. (I could be wrong. I wasn't paying much attention at the time.)

We can rest assured there were plenty of beatings and tasings involved - that's a big part of why some "people" become police officers in the first place.

But the point is that the same thing happens everywhere. Not that long ago, Hong Kong's people protested against China appointing their rulers. They were beaten and maced etc.

Brazilians protested against a massive waste of their money on The World Cup (or some such), and got swiftly brutalized by the police. Venezuelans protested economic destruction etc, and got brutalized.

You see, as long as people just endure whatever bullshit their rulers are inflicting on them, the rulers don't have to give a fuck about them. But when people actually resist, they are violently repressed.

Otherwise the masses might start entertaining the notion that maybe they don't have to just take all the bullshit bureaucracy, massive looting/exploitation, surveillance and abuse they're subjected to after all, and their rulers definitely don't want that to happen.

The whole point of being a ruler is exploiting your subjects. Surveillance and brutality are mostly just a part of what it takes to maintain your rule over them.

I'd like to point out one difference: as far as I know, in the US police are never given orders to hurt protesters. In theory, they can even get in trouble for doing so. In the other countries you listed, this was official policy.

In any case, my point was that in the Occupy Wall Street case, these things occurred, but they are not what caused the final blow. The final blow was a court ruling that said they have to clear out. (The wording was a bit more subtle, but that's what Wikipedia is for.)

> as far as I know, in the US police are never given orders to hurt protesters. In theory, they can even get in trouble for doing so. In the other countries you listed, this was official policy.

Well, they don't need orders to hurt protesters. Some of them will actively seek out opportunities for doing so, because that's what they signed up for. Those would be the psychopaths, by the way.

Yes, in theory they can get in trouble for hurting people, but in practice we all know they don't.

> The final blow was a court ruling that said they have to clear out. (The wording was a bit more subtle, but that's what Wikipedia is for.)

I have no clue if that's accurate, but it sure would have been convenient for Wall Street.

I'm afraid there are only two options here:

- A life-long educational program for the people, starting with study of basic logic, rhetoric, and obscurantism. Consider collaborating with people trying to do the same in e.g. Russia.

- Joining the burgeoning autocratic bureaucracy and playing by its rules to bring change from within. If you don't feel like you have the energy or skills, consider supporting a like-minded, but more capable person in their career. It's never a crime to support a growing bureaucrat.

The biggest challenge you're going to face is defining a common idea to unite the people with whom you want to collaborate. "Like-minded" should mean something specific, or else. This idea should paint a picture compelling enough to motivate people to act, even if only a smallish number, and big enough to eclipse the lesser differences among the collaborators.

The only easy option is emigration.

Raise awareness, spread the word about Tor. If they start running attacks against Tor, start an uproar. And pitch Tor as an elementary security measure; say "do this to make your communications more secure." It isn't perfect, but maybe it's better than nothing?

Kazakhstan already blocks the Tor website and its bootstrap nodes. Also I heard that it has DPI hardware and made attempts to block Tor traffic (but last time Tor worked for me with my private bridge). No uproars here :) Most citizens are not educated to understand what Tor is and will trust the government, who'll tell them that Tor is for criminals and must be forbidden.

I suspect Kazakhstan doesn't have the resources to mount attacks against Tor unless they can pay some western company to do it for them. Blocking it is a somewhat different matter.

De-anonymisation attacks may be non-trivial, but does Tor have any real resiliency to DDoSes?

Raise awareness but also provide a solution, i.e. "gov. is spying on you here is how to avoid it: guide on how to use a VPN or something".

I really appreciate how they're doing this. The Chinese built up an amazing infrastructure for the Great Firewall; the Kazakhs just say "install our cert!" The Chinese spend billions and have to stay ahead of all of their citizens' clever new ideas at all times; the Kazakhs spend a few hundred and just need to point guns at their citizens until they install a cert.

Sure, it's going to be difficult to enforce, but it should also be quite cheap.

Chinese govt is also capable of doing this. Best part? We even have our trusted* root certificate!

Could this get any "better"? Sure! We can even MITM all the OUTGOING https traffic if we want! #GitHubDDoS

* Recently un-trusted by Apple and Mozilla. https://support.apple.com/en-us/HT204938

Was that trusted root cert ever misused? IIRC, it was un-trusted because they did not do their due diligence on how an issued sub-cert was being used by an Egyptian company.

What does the GitHub DDOS have to do with MITM attacks on https?

The DDoS was achieved by altering the contents of one of the scripts on a large Chinese site (was it Baidu? Google it). Once every user on that site loaded the tampered script, it made sure to send many requests to GitHub.

Was the large Chinese site serving traffic over HTTPS?

Sadly, they (Baidu) are not, which is why the script content was easily modified.

To clear it up, I said that GFW "can" do (but has not yet done) these. But it tried to MITM some https traffic earlier with a non-trusted certificate as an experiment.

@andreyf: More like a social experiment. See whether people would notice (we did) and what's their reaction.

Experiment? This isn't science. They can ask any engineer what MITM with a non-trusted cert would do, and that's nothing.

I really don't understand how that sort of behaviour doesn't constitute an act of war.

Imagine if China sent saboteurs in-country to physically destroy infrastructure being used by American businesses. That would Not Be Taken Lightly.

    > how that sort of behaviour doesn't constitute an act of war
You need photos of explosions and dead babies to convince your populace to go to war. Making a case for war between nuclear powers on the basis that "some website for geeks became a bit less reliable" isn't going to cut it.

The same way that Stuxnet destroying Iranian centrifuges was an act of war?

Yes. Although I'd have thought that particular war would have started back with the hostage-taking in, what, 1979?

I really don't understand relationships between States.

I'm not a West Hater by any means, but I'd say the war started when the US and the UK engineered a coup in Iran because Iran nationalized their oil industry (after the British oil company running it refused to be audited or to renegotiate terms).


Whereas I'd say the problem was forced nationalisation.

That does not justify overthrowing another country's government. Most countries, including the United States, recognize the state's eminent domain over its land and its natural resources. Besides which, the Iranians tried to negotiate, the British refused, so the Iranians nationalized in response.

A foreign coup is a valid response to nationalisation?

I'm not sure. But nationalisation is certainly a violation of rights.

Of course, I'd be interested to see how those assets were set up in the first place - my bet would be during a non-rights-respecting period of colonialism.

How far back do you go? (Serious question).

You go to when the country got a democratically elected government.

As for "nationalisation is certainly a violation of rights": do you hold that all eminent domain is a violation of rights? I.e. if the government wants to build a road and uses compulsory purchase orders, it's a violation of rights?

Yes. It's possible to do such things in non rights violating ways. For example, buying options on properties and exercising them when a route is made.

Starting point for international relations:


Always love a good reference to Argo.

Which sort of behavior? Having their own root certificate?

I meant China's behaviour, e.g. orchestrating a DDOS attack against GitHub for political reasons.

The root certificate thing is 'merely' a violation of the rights of their own subjects.

Ah, ok that makes more sense.

To be fair they really fucked up a couple of stages of that GitHub DDOS and made it trivial to stop.

And they managed to shine the spotlight on a project in need of some TLC.

> it's going to be difficult to enforce

I guess it's just a matter of dropping every connection that you can't MITM, no?

You don't have to. The proxy handles the request and just gives the response back to you signed with the national cert. If you don't install it, your browser will just start complaining about every site. At least that is how Bluecoat ProxySG[1] works at my employer.

[1] https://bto.bluecoat.com/webguides/proxysg/security_first_st...

Funny story, most of the machines / servers at my workplace weren't vulnerable to Heartbleed - but ProxySG was. AFAIK they built their own OS from scratch, too.

For SSL traffic, yes, but that wouldn't stop someone from using a different encryption protocol.

Country-wide, this is a loud call for a cloud, distributed proxy provider with a better track record than the telco, to offer Tor-like tunnels to at least exit the MITM zone.

Easy to enforce inside the country. Just set it so that there's no HTTPS if you don't have the cert! It is becoming a legal requirement for all telcos in the country, so even if you're roaming (with a data plan from a foreign provider, for example) - you're still using the local telcos.

The only way to avoid it is to use some kind of foreign satellite internet or maybe private / non-government / non-telco dark fibre.

I guess VPN is the only way to avoid it. Or sshuttle or something over port 80. But then again, how long will it take before they can detect that and then block it?!

Or you can use non-standard ports, and change them continuously.

They can just block everything by default and only enable what they can decrypt. Maybe you could try tunnelling encrypted data over HTTP, but heuristics could probably pick that up too.

Well, in that case I'm just going to invent a TCP-over-cat-pictures VPN. Encode all the TCP packets in the subtle details of the fur and package everything up as innocent-looking HTTP GET requests.

This realistically shouldn't be too hard to do with obfsproxy's already-built framework.

You're going to run out of cat pictures pretty quickly.

I've been thinking about this lately, and it seems that you could use something like a book code. Client and server use existing internet accessible images as the book and then your communication simply references bytes in those images: client requests a URL that encodes the bytes it wants to send, server returns HTML containing the urls of images containing the bytes it wants to send in response (and any extra content that helps make the page seem normal, ignored by the client). Pictures could be anything anywhere (lolcats, wikipedia, etc.), client should only ever need to download the picture once. Bandwidth wouldn't be great, but if the server is accessible via a wide (and evolving) variety of domains it seems like it would be quite hard to distinguish this from normal browsing.

Just pass a DVD with white noise when you meet in person. That should keep you in one time pads as long as you want to communicate with someone. All you need is XOR and a bookmark. Of course you need to meet once, if that's not feasible you're going to get more technical.

In Vernor Vinge's A Fire Upon the Deep I recall a plot element along these lines. Traders traffic in cubes of material that acts as a super dense source of pad data. Your communication partner on another ship would have the twin cube, and the two would be synced up and then provide the carrier data stream for video and other content. When your cubestuff is exhausted your secure authenticated comms cease.

If the censorship is based on the government being able to make some sense of what you're communicating, XORing with a PSK will not work, because they will see meaningless garbage and block it. The reason I suggested cat pictures is because the censors will see actual cat pictures and (hopefully) consider the protocol not worthy of blocking.

s/cat pictures/whatever you want/

Got a repo I can contribute to?

Just drop fresh meme text on 'em and Bob's your uncle!

I think you may be on to something here.

Pretty easy really. Without knowing the key for the steganographic algorithm, it's really hard to get the data out unless you can compare it to the original. So if you're sourcing the pictures from somewhere, you'll need to manipulate false bits that aren't called for from the data itself to keep it from being breakable in such a manner.

If I had the free time, I'd create a cryptographic protocol running on top of telnet that looked like someone playing a MUD.

For email, you'd encrypt data to have it look like regular prose. So you'd only get a few bits per English word, but that would be sufficient for short messages. Could also make use of extra spaces in between words.

The real trick with that would be to take an existing document, and alter it to encode a message. So you'd be doing things like using synonym choice to get your bits.

There aren't enough MUD players to make it inconspicuous.

Cat pictures and steganography.

Wait, isn't reddit already used for this extensively? With each subreddit being a separate comms channel. Or is there another reason why very little reddit content makes sense?

It's not even difficult to enforce. If you don't install their cert, you don't have access to the internet. Or you just have to force Chrome to ignore all SSL errors, which is the same thing.

Love the Orwellian Newspeak: a "National Security Certificate" to protect people accessing "foreign resources"... If you don't know anything about the subject it really sounds like they're doing you a favor.

When you replace Certificate with Letter we understand how dedicated our governments are to our well being.

Google, Facebook, Yahoo, Microsoft, Salesforce, Box, Dropbox, Twitter, etc. could have a very strong influence on changing this if they banded together to respond to this in some way.

The government might be doing what they think is right, but public backlash can change policy almost overnight. We saw this in the US recently with SOPA/PIPA. The "Internet" response was unprecedented.

The people of Kazakhstan can achieve the same outcome.

Kazakhstan is not the US. We are highly unlikely to see a public uprising in Kazakhstan over this when the country has had the same president since 1991 and a rubber-stamp parliament. Protests in 2011 were quelled by gunning down protesters (see below).

Nazarbayev, re-elected in a barely contested election to a fifth term on Sunday, was born to a peasant family. He trained as an engineer before rising through the ranks of the Kazakh Communist Party to head it in 1989 and was elected president on the eve of the Soviet breakup in 1991.

Since then, his power has become absolute, with resounding, but internationally criticised election victories in 1999, 2005 and 2011. There is no obvious succession plan in place and there are no clear alternatives to Nazarbayev's rule...

In 2011, however, a pay dispute in the oil sector turned violent with government troops shooting dead 15 protesters and injuring over a hundred

[source:] http://news.yahoo.com/nazarbayev-kazakhstans-moderniser-auth...

There was no public uprising after Snowden in the US either ... Some will now say you can't compare this. They are right because what Kazakhstan is doing there looks amateurish.

Yes, because an overwhelming majority of Americans dislike Snowden. Not a slim majority, an overwhelming one. http://www.usnews.com/news/articles/2015/04/21/edward-snowde...

An overwhelming majority of those think he is 'the wikileaks guy' though.


What does the attractiveness of his girlfriend have to do with it?

If Snowden works for the US, or did when he leaked, who does / did he report to? It certainly wasn't Clapper...

Google, Facebook, Yahoo, etc. tried this in China and failed. It inconvenienced the people, but it's not going to cause a popular uprising. In the west, you forget that guns and the threat of raw violence by the government are a very real deterrent.

Kazakhstan isn't going to produce a Baidu, but I'm sure Yandex and VK would be happy to fill a void and play along with their rules. And in the end, people just have less access to unfiltered news about the outside world. It's a losing plan.

And BlackBerry tried in Pakistan and "succeeded" - at least in delaying the shutdown of its servers by another month.

It's easier to do it in countries where "freedom" was the status quo and then the government decides to do something like that. China isn't exactly a free country to begin with, and the Great Firewall was older than Google in China.

BlackBerry caved and gave the Saudis and other Gulf nations the ability to decrypt the traffic; as usual, money plays a bigger role than morals. Not that morals played any part in the decision to begin with: BB calculated that it would cost them more to cave than to resist, because it could sway existing customers to switch away from their platform. That was true for Pakistan, but since Saudi Arabia and the Gulf states have money it wasn't true in that case. And if you are implying that Kazakhstan was "free" to begin with, that's utterly wrong. You are also wrong about China: the "Great Firewall" didn't come online until 2003, and they still do not implement wide-scale SSL MITM attacks (I've used Internet in China that wasn't a special line for foreigners or routed through HK, and many sites like Wikipedia for example were blocked over HTTP but not over HTTPS). That said, fighting such activity by boycotting only aggravates the situation, as you are doing even more harm to the people of the country; it's bad enough being monitored 24/7, but at least you have access to information and people from all over the world.

China is a large enough market that Chinese services (Baidu, Weibo, QQ, etc) can fill the gap. And there's many companies that did play ball (Microsoft).

Kazakhstan could just use Baidu, but it's really best for Chinese speakers, and it would give leverage to China (which they might be leery of).

> The people of Kazakhstan can achieve the same outcome.

Highly unlikely. From Wikipedia: In April 2015, Nazarbayev was re-elected with almost 98% of the vote.

That kind of tells the whole story - people are "behind" this (or rather no-one dares contradict the authorities). That country is basically owned by the Family and resistance is pretty much futile.

In other words: it doesn't matter who is voting, what matters is who is counting the votes.

Given the highly volatile ethnic mix of Kazakhstan and the lurking destabilizing effect of foreign interests longing for abundant mineral resources, a strong majority for stability over freedom is hardly surprising. Nonetheless, 98% seems very much out of this world. But with the "right" mix of fearmongering and early divide-and-conquer intervention when a moderate opposition is starting to organize? Certainly not unthinkable. There's so much more to a healthy democracy than not miscounting the votes.

I don't know why you're downvoted.

I agree a hundred percent. People from stable democracies tend to underestimate how afraid people can be of chaos and how easy it is for some government to associate democracy with chaos.

When a moderate opposition starts to organize, a non-moderate one (or one that takes advantage of ethnic fault lines) does too.

Uh...that's not what I read into a 98% election result!

You aren't the least bit suspicious about a 98% election result?

What should these companies' responses be? And why should the Kazakh government care? They'd prefer it if the people used Russian (or Kazakh) copycats like VKontakte anyway.

The government preference isn't important, citizen preference is.

As to what they can do... it's a range from informative to painful: they can choose from serving up interstitials in a localized language that explain the issues, problems, and privacy and security implications... all the way to denying service.

If the citizens demand access to those services, or find it offensive that their privacy and security is being violated and circumvented, they will take action.

And these companies can help orchestrate, just as we did with SOPA/PIPA.

> If the citizens demand access to those services, or find it offensive that their privacy and security is being violated and circumvented, they will take action.

Hah, right. They'll just file a complaint to their ombudsman and the Congress will take care of it.

No, this is Kazakhstan, not California. If citizens band up and demand something that the government is against, the police will crack down on their homes, arrest 15,000 people at random out of which only 10,000 or so will return to their homes (not necessarily alive), and the remaining 5,000 will rot in jail for high treason. And if they keep getting wise ideas, they'll send in the army.

You're talking like Kazakhstan is a functional democracy. http://exiledonline.com/the-massacre-everyone-ignored-70-str...

Let's not forget when they bossed around some Italian secret services, police and administration underlings to arrest and deport the wife and child of a Kazakh dissident: http://www.ft.com/cms/s/0/0d35c07c-e57f-11e2-ad1a-00144feabd...

Wow, didn't know about that. Thanks for the link.

Simple. Immediately implement certificate pinning so that rogue CAs can't be used to MitM their application traffic. That should have happened long ago for these apps anyway. This will break those apps, and the government, in the face of everything breaking for their citizens, might re-think their plan and at a minimum turn off TLS middling for the impacted domains.

It's unlikely that the Kazakh government would be able to do that much with it. Kazakhstan has a population of about 18M and internet penetration of about 35%; if they really want to sift through all that traffic they are more than welcome to do so, just keep in mind that even the US would probably not be able to do so with any degree of effectiveness.

The only thing that Google et al. could do is refuse to provide service to Kazakhstan, which would only harm the people even more. If you are a dissident you are already taking a huge risk; denying people the ability to access information and to connect with others won't help to reduce that risk, it will only make it worse, as it would isolate them further.

China is doing the same, as do many Gulf nations to some extent or another; no one is arguing that we should not cooperate with China. Cooperation is the only real way to effect change in those nations in the first place, or do you think China would be as open as it is today if we had a technical and cultural embargo on it?

How is China doing the same?

Western companies sell them hardware and software to process the traffic that they capture. Cisco et al. are complicit in this work, including the firewall itself.

Well, they could make using client certificates mandatory from Kazakhstani IP addresses. Now the gov server can't connect and so can't MITM anything.

No, that would simply make kazakhs unable to connect to that service; with the proposed solution SSL traffic that for whatever reasons couldn't be MITM'ed simply wouldn't work at all.

Because having the NSA snoop on them is clearly preferable.

As I know from my Kazakhstan-born friend, Twitter and LiveJournal have been banned in Kazakhstan for years; nobody cares.

Both are available in Kazakhstan. I don't remember Twitter being blocked here. LJ was blocked due to a former high-profile official's blog.

"telecom.kz wants to use your location."

I wonder why that website needs your location... After all it's just a news article / press release.

I suspect that although this might have some minor use to track users outside Kazakhstan, its real use is to track website visitors from within Kazakhstan.

setCityByIp() in Javascript. They seem to only be interested if your country code comes back as KZ. First use of the MapQuest geolocation APIs I've seen, too.

I had exactly the same reaction.

So much nope.

extra nopes!

Wow, I feel really sorry for all Kazakhstan citizens. Also, this is a great example of 'rubber-hose cryptanalysis': who cares about 4096-bit RSA or whatnot if the government can just beat you until you oblige...

Kneecaps are always the easiest things to break.

Imagining this in heavy Russian accent: "Security as good as veekest link. And veekest link... is kneecaps. Har har har."

And everyone made fun of Netflix for implementing a secure protocol on top of http. Suddenly that seems really useful for people in Kazakhstan.

If the protocol is delivered over HTTP and runs in Javascript DOM context, it will be straightforward for an adversary that MITMs all traffic to defeat it.

Yes, you'd have to sideload the initial keys/code, presumably outside the country. It works for Netflix because it's baked into the client. But at least once you've somehow gotten the keys you won't get stopped by the government blocking it since it isn't 'https' and doesn't look like 'https'.

Until they figure it out and start blocking that too of course.

Curious. How do you go about (trivially) defeating asymmetric encryption?

EDIT: or do you mean to replace "all" (content + js)?

No, just inject some JS that reads the required keys.

Okay, so it's (just) for reading the delivered data. Somehow I keep considering MitM a harmful attack (i.e. manipulating the data before it hits the user). My bad :)

Given that you're relying on server-provided JS to verify the integrity of the data in the first place, a MITM could replace the verification function with return(true) and then inject whatever data they want.

Can do that through injected JS as well.

Pretty sure that Netflix loads a Flash client (or some other trusted code module) to prevent this. But you're right; the browser isn't secure enough to enable client-side encryption over HTTP as it would be trivial to MITM and sideload JS code to defeat it.

That's the problem with "client-side encryption". It doesn't work because the provider also has the power to replace the code with no say from you.

And it's not very detectable because they do it all the time.

It’s the same reason why any DRM is completely pointless: It only provides inconvenience for the legitimate user.

I own Anno 2070 (as can be seen on my steam profile), but can only play with RELOADED crack under wine because UPlay refuses to run.

Same with this type of encryption: Kazakhstan can easily defeat it, but it makes it harder for people trying to debug why they can't use Netflix (for example, in case Kazakhstan MitM's everything and encrypts with a different certificate than the one your Netflix client is using).

Client side encryption works just fine. It's only a problem in a browser where you have to download the possibly-MitM'd program each time you want to use it. Actual installed client software that encrypts end-to-end is the proper way to use encryption.

One catch: remember that the browser itself absolutely should not be the installed program doing the end-to-end encryption, where bugs can allow the private keys to be leaked. Important data like the private keys shouldn't even be in the same address space. See gpg-agent/ssh-agent as an examples of how to keep sensitive data in a separate process.

Nit: you are effectively re-downloading browser DOM JS crypto programs every time your browser loads a new DOM element for the page hosting the app. It's not just something that happens when you first visit the site.

That's one of the things that makes securing browser JS crypto so intractable.

Meh; you can't trust the first version anyway, which makes anything happening later on the page just as broken.

If it's an additional source being added much later on that you are concerned with, that's always been a broken design that Douglas Crockford warned[1] about years ago.

[1] https://www.youtube.com/watch?v=V13wmj88Zx8

If the js asset cant be trusted, what would stop an adversary from mitm-ing the application level implementation?

Until next week when the GFWoKazakhstan blocks all traffic using the Netflix protocol. Unless the traffic is steganographically hidden, uncontrollable traffic will simply be killed.

Woah, it can't be stressed how bad this is. If this succeeds, other countries will definitely follow! If it can be shown to work, it will be demanded that this be implemented by pretty much everyone for difficult to deny political reasons (terrorists, children, crime, etc)

This feels like the first bullet in a new war that will occur in every parliament world wide.

It is already par for the course in the enterprise world (both public and private sector), for difficult to deny political/economic reasons.

Which is quite another thing; after all, you are using somebody else's network, just as you have every right to hear Adele's new album in your home, but not in mine.

Besides these days you can use your own phone and mobile data, at which point you should be safe.

> If it can be shown to work

Work for who? This breaks SSL encryption, a technology which the modern internet relies on.

I can't say that I agree with you. Kazakhstan has never really been much of a leader in world politics.

Not following the politics; following the technological "innovation". "Appropriate technology" for "developing" dictatorships.

While there are probably 100 different ways to avoid this and retain secure traffic, I would venture to guess that the average Internet savvy-ness of Kazakhstan is pretty low, so using any of them would single you out for additional government attention (whether you're actually doing anything illegal or not).

That said, there's a remarkable tendency in countries as corrupt as Kazakhstan for a "shadow" telecom network to pop up. Just run in some fiber from a neighboring country on the down-low and distribute locally via microwave dish. Yeah, it's not exactly difficult to locate a powerful dish, but it's also not glaringly obvious so you can usually pay someone to look the other way. After all, the government officials want to look into everyone's communication, but if their own communication was ever intercepted, they would be the target of blackmail! They want to use the information they gather to blackmail citizens like the Stasi, not the other way around.

Of course, the flip side of that is the mobile phone networks operated by the Mexican drug cartels and ISIS. But the only surefire way to avoid government surveillance of this sort is to bypass government-regulated telecoms entirely.

Kazakhstan is possibly more democratic than all its neighbours save maybe Kirghizstan (I'm not up to date on the current government position). More democratic as in I can't make up my mind who's more of a despot between Putin and Nazarbayev; after all, they both win open elections, albeit with an iron grip on the media... But then Kirghizstan is likely depending on its neighbours for connectivity (also landlocked).

The other neighbours are shining beacons of democracy such as Russia, China and Uzbekistan...

While Russia does encroach on various Internet liberties, it does so quite lazily so far. It does not have a great firewall, it does not have force-fed SSL certs, it does not crack down on the widespread VPN usage. When Roskomnadzor blacklists certain resources, Internet providers enforce it at their leisure, it seems, because different users report a resource either be blocked or not.

"The strictness of Russian laws is compensated by their optional enforcement", as they say.

In a smaller country like Kazakhstan such things are easier to enforce, probably.

Russia is also corrupt enough (especially in the rural areas) that you could probably find an Internet connection that wasn't actively monitored by Moscow authorities. I'm not saying it would be cheap, but it's definitely doable.

Makes me wonder how long such policy would last if Google, Facebook, and Microsoft would ignore traffic from Kazakhtelecom MITM server (or just drop the whole Kazakhtelecom IP address space). Of course I'm not saying that they should do that.

Actually they really should. As soon as major networks start saying NO is when governments change, I think this is one of the few times where this kind of pressure would be mostly good.

And it wouldn't work. You apparently have never been stuck inside China. I was there for a few years and it was brutal, network-wise. Local companies just replace what can't be accessed from the outside.

China had a large domestic Internet industry, though. KZ doesn't.

Exactly, and it's been blocked almost since the beginning in China, which means users are now using local products. If the users can't access the websites they are normally using the next day, they will just get some unblocking software from a friend; these things are shared really quickly.

RU does though.

After Donbass Kazakhstan will think thrice before lending their fate to Russia.

What's worse, being complicit or refusing to play by a government's rules?

It would probably have to be the entire IP address space, since they could transparently source NAT on the MITM server to make it look like it's coming from the user's IP.

Google and Mozilla should blacklist the certificate once it's made public.

That would make people in the US feel better, but it wouldn't make any difference. If a country can force residents to install software or reconfigure their machines, there's nothing browser vendors can do to make those residents secure. Essentially, Kazakhstan owns (in both senses) the Internet-connected computers of all its residents, and it can do whatever it wants with them.

It's also well within Kazakhstan's budget to do subtler, harder-to-defeat things to stop MITM circumvention. This is an arms race that Google will lose.

Can you name some examples of what they can do? Because other than release some sort of virus, which will be found in a matter of months, I don't think they can infect the entire country.

They can target more specifically than that. Suspected activists get a keylogger bundled in their next windows update. Later on another update removes all traces of it. It might take decades before something like that was noticed.

Windows doesn't use the certificate store for Windows updates. Installing a root CA does not allow you to provide Windows updates because I believe they hardcode the cert in the updater.

Other, non-Windows updates do allow you to install other software.

To set this up, Kazakhstan will have to set up their CA with the bit set for software signing. This bit will be visible to everyone and it'll be very telling, instead of just being allowed as a root CA for SSL/HTTPS sites.

Do you have experience with not-so-nice governments?

Not everything can be changed from the beautiful plains of Silicon Valley.

That would just stop their browsers from working in Kazakhstan on HTTPS sites, who would most likely respond by issuing a new certificate and/or recommending IE. It may also discourage websites from implementing HTTPS.

Not sure how this will work with certificate pinning, though. Will sites like Google become inaccessible?

No, because locally-installed certificates override pins.

Depends on how the app is implemented. Doesn't have to be that way at all, and shouldn't if properly pinned.

Individual applications (not browsers) can of course hardcode pins that aren't overridden. Those applications will simply stop working in Kazakhstan.

Depends on the client implementation. You should expect applications like Twitter for iOS to become inaccessible as it pins the certificate (correctly), i.e. adding the world of (rogue) CAs still wouldn't make the certificate valid. Apart from replacing the (hardcoded properties of the) certificate

Why is Kazakhstan's cert any different than the hundreds of "trusted" root certificates that came preinstalled on my mac?

Looking at my mac's cert keychain, there are 185 trusted root certs. I don't know what any of them are or who has the private key to them.

My ISP could MITM my traffic whenever it wants to, if it has the private key of one of the hundreds of trusted root certs on my device.

Those hundreds of trusted root certificates are, at least to some extent, held to operational and security standards. If your ISP used one of those certificates to MitM your traffic, there is a very real possibility of that certificate being blacklisted by browsers.

Further, unlike the Kazakhstan certificate, those root certificates cannot bypass HTTPS public key pinning (HPKP).

Thanks for the info! I didn't know some of this. Two questions:


> there is a very real possibility of that certificate being blacklisted by browsers

Why would a browser blacklist a certificate? Is it possible for a browser to detect a MITM attack when the SSL traffic is all signed by the private key of a trusted root certificate?

> Further, unlike the Kazakhstan certificate, those root certificates cannot bypass HTTPS public key pinning (HPKP).

You are saying that pre-installed root certificates behave differently than user-installed root certificates? Wouldn't that behavior be system-dependent? I was under the impression that no root certificates can bypass public key pinning... isn't that sort of the point of pinning? That it allows traffic encryption outside of the normal trust hierarchy? What makes the Kazakhstan cert special that allows it to break pinning?

1: A server using HPKP with the reporting feature turned on will receive reports from browsers when the certificate does not match what was expected (provided HPKP is being honored).

2: Browsers ignore HPKP when the server certificate is trusted through a user or administrator installed root CA. All mainstream browsers on all platforms behave in this way. This is by design specifically to allow enterprises to do the sort of traffic interception that Kazakhstan is implementing. The rationale is that if an attacker is able to get as far as installing their own CA on your system, you're screwed anyway.

These CAs have to follow specific rules and have external audit. MITM is prohibited by these rules: certificate authorities that participate or enable MITM are removed from root stores (example: https://en.wikipedia.org/wiki/DigiNotar).

DigiNotar was used for MITM after getting hacked. If talking about CAs caught intentionally issuing intermediates for MITM purposes, we should at least mention TrustWave (SecureTrust CA): https://en.wikipedia.org/wiki/Trustwave_Holdings#Unrestricte...

The rules and audits don't seem very effective: it's not just DigiNotar that has been caught issuing rogue *.google.com certificates, but to my knowledge it's the only one that got removed from root stores.

And sometimes the CAs might receive National Security Letters insisting on National Security Certificates.

A National Security Letter will not prevent the certificate authority from being blacklisted when detected, and there are at least some legal precedents for warrants (though not necessarily for NSLs) that could challenge a warrant if complying with it would effectively destroy the business (given that the business itself is not the subject of the warrant). If that isn't the definition of an "unreasonable burden", nothing is.

> A National Security Letter will not prevent the certificate authority from being blacklisted

Sure it will, just send another NSL to the blacklisting instance.

And I do not understand why going to jail instantly is a smaller burden for you than living with the small risk of getting caught.

Do you really believe the NSA or any of those other patriots do not have a few of the private keys for the certificates you trust?

> Sure it will, just send another NSL to the blacklisting instance.

Instances, plural, including both browsers and various cross-check mechanisms (pinning, certificate transparency, etc). Likely too many people required for operational security.

Not saying it couldn't be done, but it certainly couldn't be done lightly or often, and even then it would produce significant risk of exposure. It certainly couldn't be effectively used for widespread traffic interception.

> And I do not understand that going to jail instantly is a smaller burden for you than living with the small risk getting caught.

As mentioned, there exists legal precedent that a warrant/subpoena for information from a third party can't compel that third-party to provide arbitrarily large amounts of aid or to impose an undue burden. Findings of "undue burden" have been upheld for burdens far smaller than "this has a risk of destroying the entire business".

warrant/subpoena != NSL

Yes, as I said in my original response, "not necessarily for NSLs".

If you don't trust them, turn them off. That's what I do, at least. I've disabled the vast majority of those roots in Keychain Assistant.

If we could rebuild the internet from scratch knowing that someone would try to do this, what measures could be put in place to make it impossible to MITM traffic (in other words, make it so the only option is to install monitoring software directly on the user's machine)? Is this something which even can be defeated with current cryptographic theory?

No, it can't be defeated. If the government says "you can't use encryption on the internet" then it's game over, simple as that. The only thing that stops western countries doing this is the fact that politicians don't realise it's possible (and the horrible UX/deployment issues involved with attempting to install a new root cert on every device your customers may have).

It not only can be done in theory, it's already implemented in both Tor and I2P. You can't MITM traffic when it's encrypted end-to-end.

The issue is that cryptography won't help when there is some government that decides to enforce censorship country-wide.

This is what HTTP Public Key Pinning (HPKP) protects against.

It allows a server to specify the only set of certificates that a browser should accept. Meaning that MITM'ing is impossible, without a valid cert in the chain of one of the advertised trusted certificates from the server.

Chrome, Firefox, Opera, Chrome for Android, and the Android stock browser all support it.

I'm not sure how they intend to circumvent this problem, apart from perhaps just instructing users to not use those browsers? That's quite difficult to put into practice.

No, it isn't. Locally installed certificates override pins; if they didn't, HPKP browsers wouldn't be deployable inside large companies that have regulatory requirements to monitor traffic from their own desktops, and there would be no benefit, because an adversary who can install software or reconfigure your machine can defeat pins in a variety of other less transparent ways.

HPKP is great, but it doesn't address this problem.
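The Public-Key-Pins mechanism described a few comments up (server advertises SPKI hashes, browser reports mismatches) and the override behaviour this reply describes (a root installed by the user or an administrator causes the browser to skip the pin check entirely) are modelled below in an added example. This is my own illustration in Python, not code from any commenter or browser; the SPKI byte strings, host names and report URI are constructed placeholders, and real pins are computed over the DER SubjectPublicKeyInfo of actual certificates.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs. In a real
# deployment these are the SPKI bytes of the site's leaf/backup keys and of
# whatever key an interception proxy presents; here they are placeholders so
# the example runs offline.
SITE_SPKI = b"constructed-spki-of-the-site-leaf-key"
BACKUP_SPKI = b"constructed-spki-of-the-site-backup-key"
MITM_SPKI = b"constructed-spki-of-an-interception-proxy-key"


def pin_sha256(spki_der: bytes) -> str:
    """HPKP pin value as defined in RFC 7469: base64(SHA-256(DER SPKI))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# A Public-Key-Pins header as a site would send it (constructed values).
PKP_HEADER = (
    f'pin-sha256="{pin_sha256(SITE_SPKI)}"; '
    f'pin-sha256="{pin_sha256(BACKUP_SPKI)}"; '
    "max-age=5184000; includeSubDomains; "
    'report-uri="https://hpkp-report.example.invalid/report"'
)


def parse_pkp(header: str) -> dict:
    """Parse a Public-Key-Pins header into its directives.

    RFC 7469 requires at least two pins (so a backup key exists that is not
    in the served chain) and a max-age; a header missing either is rejected
    and must not be stored by the client.
    """
    pins, max_age, include_sub, report_uri = [], None, False, None
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "pin-sha256":
            pins.append(value)
        elif name == "max-age":
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "report-uri":
            report_uri = value
    if len(pins) < 2 or max_age is None:
        raise ValueError("invalid PKP header: need at least two pins and max-age")
    return {"pins": pins, "max_age": max_age,
            "includeSubDomains": include_sub, "report_uri": report_uri}


def validate_chain(pinned: dict, chain_spkis: list, anchored_to_user_root: bool) -> str:
    """Model the browser decision discussed in the thread.

    Returns "ok" when some SPKI in the served chain matches a stored pin,
    "pin-failure" when none does, and "bypassed" when the chain validates to
    a root the user or an administrator installed: mainstream browsers skip
    the pin check in that case, which is why a locally installed interception
    CA defeats HPKP.
    """
    if anchored_to_user_root:
        return "bypassed"
    served = {pin_sha256(s) for s in chain_spkis}
    return "ok" if served & set(pinned["pins"]) else "pin-failure"


def build_report(hostname: str, pinned: dict, chain_spkis: list) -> dict:
    """Pin-validation failure report a browser would POST to report-uri.

    Simplified from the RFC 7469 report: the real one also carries timestamps,
    the port and the PEM-encoded served chain; here only the served SPKI pins
    are listed so the example stays self-contained.
    """
    return {
        "hostname": hostname,
        "include-subdomains": pinned["includeSubDomains"],
        "known-pins": [f'pin-sha256="{p}"' for p in pinned["pins"]],
        "served-certificate-chain-spki-pins": [pin_sha256(s) for s in chain_spkis],
    }


if __name__ == "__main__":
    policy = parse_pkp(PKP_HEADER)
    print("site key, public root:   ", validate_chain(policy, [SITE_SPKI], False))
    print("proxy key, public root:  ", validate_chain(policy, [MITM_SPKI], False))
    print("proxy key, user root:    ", validate_chain(policy, [MITM_SPKI], True))
    print(build_report("www.example.invalid", policy, [MITM_SPKI]))
```

Running it shows the three outcomes side by side: the site's own key passes, a proxy key chained to a publicly trusted root fails the pin (and would generate a report), and the same proxy key chained to a user-installed root is simply not checked, which is the case this thread is about.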

I've posted this idea elsewhere, but it seems relevant again. What about, as a compromise, adding a new ExtendedKeyUsage bit for "TrafficInterception" that must be set on the CA (probably would need to be on the root and all intermediates) in order for HPKP to be ignored by the browser?

At the very least, this clarifies intentions and helps somewhat with situations like the Dell certificate where it's not intended for MitM.

As an aside, this is one of the reasons why I believe locally installed certificates overriding pinning has a quickly eroding shelf life... At some point, something bad will happen like this (or malware-based) and Chrome will raise their hand and say, "sorry enterprises, no more MITM at all, even for locally installed certificates."

After that, IE and Firefox will follow and crypto will no longer be so trivially subverted by enterprise organizations.

Response from Chrome engineers I've heard is that they won't try to fight this, because anything intentionally overridden locally is already a game over.

If they block custom certificates, then malware will patch the process to disable the checks.

And in this case the Kazakh government could say "For your safety, the Chrome doesn't work with our Internet. Please use our Khrome instead".

That's another arms race Chrome will lose, because the market for the kinds of enterprise configuration management and "host protection" tools that could override this policy exists and is very lucrative. Chrome would simply be begging enterprise security companies to release products to fuck up their browser.

I disagree with you.

Chrome already has an "enterprise" version; moving a less braindead corporate monitoring system than MITM certs into it would probably be a good thing.

It would also be a good way for them to start pushing a "two party consent" model for private wiretapping -- It's illegal for my employer to record my office phone because it's a violation of the other party's rights. Facebook has as much a stake in not letting employers monitor employee's social media use as the employees do.

Or someone just forks Chromium and releases Chromium For Enterprise.

Which again helps nobody, because forks of Chromium will inevitably lag on security fixes.

At my last job, my manager tasked me with finding a way to defeat Chrome's update mechanism for all of our employees because a new version had introduced a bug that broke our internal web applications. I disregarded his plan and just introduced a workaround for the bug, but the point remains that enterprise customers already consider it a value-add to freeze their software in time for perpetuity. Hell, my workstation was running XP until I needled IT to grant me a "premature" upgrade to Win 7.

Sorry, I meant that from the perspective of the Chromium team.

Indeed, I agree with the policy that if someone can control what's installed locally, they've already won.

Part of me hopes you are right, because I don't like seeing Chrome/Google throw its muscle around.

Part of me hopes you are wrong, because I think encryption and security don't need to be opposing forces and MITM isn't required for strong security (though maybe for good GRC and audit).

Key pinning you can't override locally is DRM.

That's a super interesting way of framing the conversation.

Someone suggested using a special icon in the address bar to denote this kind of thing.

This would be smart. It doesn't need to be ominous, just informative.

You used the words "install software" for the second time and it makes me wonder if the citizens of Kazakhstan will be forced to install an executable or just a certificate, because you make it sound a lot scarier than it looks, or maybe I did not fully understand the repercussions.

It's pretty trivial to detect if a browser trusts your CA with client side javascript. Such javascript could be injected into HTTP pages and throw up a div covering the page until the certificate is installed (instructions provided, of course).

Ah, thanks for clearing that one up! As much as I dislike it, that reasoning does make sense.

It would be great if the use of a locally installed CA were flagged, for instance, by a question mark next to the lock icon. That would at least make it visible.

> Locally installed certificates override pins.

Which is a blatant security risk, which should be fixed immediately.

> wouldn't be deployable inside large companies that have regulatory requirements to monitor traffic from their own desktops

I guess they don't use ssh?

This claim is complete nonsense, because you are conflating the installing of a certificate with a capability to override HPKP. All those businesses need is a way to add an exception to HPKP. This is no more difficult than any other IT-managed configuration.

The bug here is the assumption that installing a certificate always means HPKP should be overridden. This assumption is patently not universally true, as this Kazakhstan situation demonstrates.

> no benefit

Why is it that so many people seem to forget about the concept of Defense In Depth when one of the layers of protection is attacked?

A physical-key analogy: there is a decent chance the lock on your home's front door can be opened trivially with a bump key[1], which is an attack against the entire class of traditional pin-and-tumbler locks. The many homes that have such a lock can be entered in seconds. Does this mean that they shouldn't bother locking their front door? No - while it might be a good idea to invest in a better lock, forcing someone to bump the lock has benefits. Someone trying to enter your house might not have the right tool. If they do carry a bump key, that could have legal consequences ("burglar's tools").

Layered defenses help to reduce attack surface and raise the attack cost.

> less transparent

I fail to see how forcing an attacker to patch binaries or otherwise work around HPKP. Doing so will leave clear evidence that the system has been tampered with. On the other hand, a proper certificate has a small amount of plausible deniability.

> it doesn't address this problem

It doesn't solve the problem, but it should be a speed-bump that makes the attack harder, raising the cost of MitM.

[1] https://en.wikipedia.org/wiki/Lock_bumping

I don't care enough about this to argue about it. I see why people don't like that Chromium works this way, and I see clearly why Chromium doesn't let pins override local configuration. Meanwhile, the cost of bypassing pins if you can run code locally is very low, not enough to change my risk calculus. I can see why Google doesn't start an arms race over a trivial speed bump, and I can see why you might want the speed bump.

If you want to be outraged about it, that's fine. I know other smart people who are also outraged about it.

Remember, though: we largely have Google and Chromium to thank for pioneering certificate pinning in the first place.

> I'm not sure how they intend to circumvent this problem, apart from perhaps just instructing users to not use those browsers? That's quite difficult to put into practice.

Even if pins overrode locally installed certificates, all they would have to do is to block all outgoing raw HTTPS traffic. All these browser-side security mechanisms can do is to refuse to initiate insecure connections (and inform the vendors about broken pins). They can't force a network that is actively designed to forbid private connections to allow them.

It is a little more complicated than that. If you start doing MITM on HTTPS connections where pinning is involved, typically those sites / apps will just stop working, as they don't trust the CA for the cert that is injected during the MITM. So yes, it 'protects' you, but it does so by not letting you access that page / app. Chrome (and I'm sure most other browsers / apps) can have their pins overridden by user-installed root CAs (which is what they are pressuring people to do in this scenario).

You can read more about how Google does certificate pinning here: https://www.imperialviolet.org/2011/05/04/pinning.html

Could Kazakhstan take "national security cert" traffic, crack it and then apply a different, globally trusted cert? Couldn't they also strip the Public-Key-Pins header from incoming traffic?

Idiocy such as this is a strong argument for the use of PAKE rather than CA-based authentication. No need to trust anyone other than the site you're trying to connect to: https://en.wikipedia.org/wiki/Password-authenticated_key_agr...

TLDR: Basically, you prove to the website/mail server/sshd that you know your password, while the site simultaneously proves to you that they also know your password (and hence are actually the site you're trying to connect to), all without actually sending the password in either direction. The password is then used to bootstrap symmetric encryption keys.

For those of you looking for a mirror (copy) of the page before it was taken down, here it is:


TIL: "Kazakhstan is currently our 76th largest goods trading partner with $2.5 billion in total (two way) goods trade during 2013. Goods exports totaled $1.1 billion; Goods imports totaled $1.4 billion. The U.S. goods trade deficit with Kazakhstan was $295 million in 2013.” - https://ustr.gov/countries-regions/south-central-asia/kazakh...

So like, what's the plan for people visiting Kazakhstan here? Install some rando's SSL certificate in your trust store or just not be allowed to access the internet?

They're likely only intercepting known https traffic (port 443). If you use a VPN and tunnel all traffic you probably won't have any issues.

If a nation-state with the resources of China has come up with a system that can still be (albeit nontrivially) bypassed then I would imagine Kazakhstan will have a much-less-sophisticated first iteration.

Kazakhstan is quite the friend of China IIRC. They may have gotten their solution too as a goodwill gesture. Or this is on top of it.

I lived in Kazakhstan for a few months, and I think they're already blocking VPN traffic with deep packet inspection. I tried a number of different services, including setting up my own on Digital Ocean.

I use my OpenVPN VPS without any troubles.

Install the certificate, then route all your connections through a tunnel. Multiple options are available, like OpenVPN, sshuttle[1], etc.

[1] https://github.com/apenwarr/sshuttle/

I assumed that they would refuse to serve traffic that they couldn't decrypt with this certificate.

Not all traffic relies on certificates. Not all traffic relies on known PKI structures. Most known protocols this doesn't apply to: ssh, various vpns.

So, the next step is encrypting the content before sending it through TLS...TLS over TLS

If they can unwrap the first layer of encryption, and most normal traffic inside isn't encrypted, people tunneling through MITM'd TLS are playing a game of cat and mouse with a very well-funded adversary that can imprison, torture, or kill them.

Obviously, a lot of people do this kind of thing in China, and from what we know, circumventing the "Great Firewall" isn't routinely getting people killed. But people should know what they're doing before they try it in Kazakhstan.

Next step: steganography

Steganography needs vast quantities of cover data. You're increasing the bandwidth costs dramatically when you recommend steganography for everything.

> Steganography needs vast quantities of cover data.

Porn? Perhaps the world's smut peddlers will become beacons of freedom and civil disobedience? (Sounds like a Neal Stephenson book.)

That's a terrible TX/RX ratio. Unless you encode data in each request and receive small pictures only, it would take ages to send any real information. Good for receiving though.

Every huge porn site is banned in Kazakhstan. I believe that porn is forbidden here.

The worst thing: they just ban sites without any explanation. A site just stops working and you don't know why. Even w3.org was banned for some time (probably because its validator could be used as a web proxy).

A VPN or SSH tunnel w/proxying is essentially this with a dedicated jump point.

Better do it from an untraceable IP address, or you might get some visits.

This is the biggest problem when governments go this route.

Wait till private keys for the cert are leaked by some disgruntled telecom company employee. Puts the whole country's internet at risk.

Unfortunately that might be the most effective way to fight this type of thing. Massive incident that would show the foolishness of the move.

I'm 100% sure that the keys are in a hardware device and couldn't be leaked. Kazakhstan has had certificate infrastructure for years to issue digital certificates to its citizens. Nothing has been leaked yet.

This sounds pretty bad and we can just hope that this doesn't become the new norm.

What makes me kinda angry is however where this originates from: There are countless so-called "IT security" products that had this idea of MitM-ing all traffic before. Basically it's just the same idea on a bigger level.

Indeed. This is already the norm in the Western world, as long as we're talking about the workplace.

Link is 404'd

Here is the text of what was there.


Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016

From 1 January 2016 pursuant to the Law of the Republic of Kazakhstan «On communication» Committee on Communication, Informatization and Information, Ministry for investments and development of the Republic of Kazakhstan introduces the national security certificate for Internet users.

According to the Law telecom operators are obliged to perform traffic pass with using protocols, that support coding using security certificate, except traffic, coded by means of cryptographic information protection on the territory of the Republic of Kazakhstan.

The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.

By words of Nurlan Meirmanov, Managing director on innovations of Kazakhtelecom JSC, Internet users shall install national security certificate, which will be available through Kazakhtelecom JSC internet resources. «User shall enter the site www.telecom.kz and install this certificate following step by step installation instructions», underlined N. Meirmanov.

Kazakhtelecom JSC pays special attention that installation of security certificate can be performed from each device of a subscriber, from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS).

Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz.

PR department Kazakhtelecom JSC



For an easier to link source:


Interesting. In 6_*.doc I can read this: "Long-distance and international operators perform transmission of traffic that uses protocols with encryption support using security certificate, except traffic encrypted by means of cryptographic protection on the territory of the Republic of Kazakhstan."

So, if encrypted by such means on the country's territory, shouldn't be intercepted? Ha!

There are zero "cert" mentions.

Wondering about a turtles-all-the-way solution:

A web-socket based protocol that opens up a new SSL session with non-MITM'd certificates.

So you'd open up the snoop-me HTTPS/1.1 connection, do some GETs, then say "GET /busy, yo", and start what looks like a video-chat conversation that is in fact a regular SSL connection with uncompromised certs.

(some protocol) over SSL over Web-Socket over bad-SSL over TCP/IP

You can't solve political problems with cryptography, much though the software engineering industry may wish it were so.

Ultimately, though it will be very hard to accept, crypto may be on the way out as a technology with any political impact. Governments currently accept the rapid increase in SSL because none of the politicians or regulators understand that it's possible to disable it at a country level, and nobody with any technical clue has been willing to point it out to them. But that situation isn't sustainable, as the Kazakh example shows. A sufficiently determined government won't care about minor details like user convenience. They'll just say "you either install our root cert, or you don't get to use the internet" and that's it. Game over. If even just one western country does it, the rest will all follow within a few years.

Use a crypto that doesn't rely on authority.

Somewhat related would be Tor's flashproxy bridges: https://crypto.stanford.edu/flashproxy/

Once it happens enough to be on the radar, it will be blocked or MiTM'd. Probably the former, possibly with a free symposium on the application of rubber hoses.

> The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.

How is this protecting users? They are outright lying here, if I understand correctly. Also why are they asking for my location?


> How is this protecting users?

It's protecting users from getting visits from Kazakhstan's security services for covertly communicating with foreign entities. That is, presuming that the content of their traffic isn't unwelcome by the security services, since otherwise, even with the use of the MitM certificate, they'll still get visits.

It's a really backwards way to customize a phone number on their site. They POST your geocode to their server and based on the city you're in change the area/country code. Quite a strange way to do it, but hey.

Remember they have your location anyway from your IP address.

The location associated with the IP address they see may not be your physical location by quite some margin.

If you are connecting via a mobile phone the address is likely to be registered as at one of the phone company's locations which could potentially be in a different state. For many home/office serving ISPs this is similar. Also, if you are using a VPN of some sort the address you present to the web server is quite disconnected from your physical location.

If on the other hand they request your location via your web access client and you agree, it will be using localisation APIs that may well know your location with some precision: using GPS if your device has it and has it turned on, or via wireless AP availability based lookups otherwise.

Then they think I am from London, my IP is But no, I am 200 miles away.


That makes it only more interesting. However, I assume, IP-based location isn't that granular?

It's very surprisingly granular. I logged dropped packets from my router's firewall for a week and looked up the origin locations with geoip for fun. Just plugging in the coordinates to google maps would zoom directly in on peoples' houses (sometimes in the middle of nowhere). I'm not sure it's 100% accurate, of course, but it sure seemed specific.

The actual data source will provide a country, state or sometimes even city and zipcode. Then whatever tool you're using to map drops a pin in the middle of that region. If you zoom in, you get whatever happens to be at the geographic center of whatever the mapping tool (probably Google Maps) thinks is the center. E.g. if it says "United States" and no other data, you get some random ass place in the middle of Kansas. Sometimes there can be more specific data, but just because you can keep zooming in doesn't mean that that's actually where it is.

You're describing GeoIP derived from "public" information sources such as the physical address of the assigned entity or the location information provided to the registrar by the block owner.

However, there is a different kind of GeoIP that has the potential to be much more specific as to the location, based on a join between Internet traffic and transactions that target a specific location. e.g. when you purchase a physical item from an online vendor, with your house as the delivery address, they now have both your IP and location. Obviously for this to work it depends on a) the IP address remaining the same for some period of time and b) sharing of the necessary information to allow the join. afaik both are often true.

This just means that it's precise, not necessarily accurate.

I tried checking my current ip. It points me to some hotel in Helsinki. I'm about 500 km away from there.

On the other hand, my ip "resolves" via geoip to a city about 500 kilometers away so I guess it depends on what database you use and what country.

The city it resolves to is where my isp has their HQ.

In the US (or is it just Comcast) it is exact!

Seems Comcast maps IP (which they issue) to postal address to exact Geo coordinate.

Basically that and... I'd say when you don't share the location, they only have what's available publicly from GeoIP (via ISPs). When you do, your user agent actively tries to give them the best possible results (using GPS or anything else), that's the way I would put it.

Try normal Geo-IP (Maxmind) and it will show the local telco exchange.

I am sure the NSA does better but Kazakhstan? I have been inside one of their embassies to be shocked that they were watching the news on a black and white CRT TV!!!

Probably because they got sick of embassy staff stealing the TVs they kept buying for them. 8)

They have a location, it may or may not be related to your location.

Without in any way condoning the move, there is a lot of protection you can add with decrypted traffic. Malware analysis, DLP, etc.

But obviously the security as a whole has to consider the increased risk due to the centralized cert, disregarding entirely the fact that you're trusting a totalitarian government with all of your secrets...

At least they are honest - spying and not hiding it ;)

Well technically that's your browser blocking their location request and asking you if you want to let it go through. If they were honest they would say something like "we're about to request your location for x very useful thing that justifies giving up this piece of sensitive data"

pretty much anything saying "for your protection", "for your safety" or "for your convenience" is a lie. it's a pretty common euphemism in the us too.

I once looked into getting a .kz domain. (I wanted to host comics on a site named "comi.kz".) It turns out that one of the requirements for getting a .kz is that the website be physically hosted inside Kazakhstan. (And yes, Kazakhstani hosting providers that do business with foreigners are expensive.)

Right now, I am very glad that I did not go down this route.

This is lame news. But what I'm curious about is: What are they going to do (if anything) to validate the upstream certificates?

- What will their upstream root certificate policy be?

- If they MITM any old upstream certificate, how will they mitigate the huge target they are painting on Kazakh Internet users?

I would assume their root trust store could be similar to what your browser would use. i.e. a curated set of root CAs with CRL subscription.

FWIW there are 9.49 million Internet users in Kazakhstan according to wolframalpha.com


This is extremely relevant to my interests but I don't actually understand what's happening here. Part of that is the awkward translation. Can I get a more detailed description and/or some links to help me understand? Thanks!

I'm sure someone else can explain it better than me, but they want all of their citizens to install a certificate on all of their internet capable devices that will route all their traffic through the government so they can see all of it. It's a man in the middle attack on the entire population.

I wish somebody could tell me what this means half technically. My mind is wavering between this is a good thing because everyone's connection is becoming secure to not a good thing for reasons unknown.

It seems like you've got it backward. Kazakhstan is not making the internet more secure. They're requiring citizens to install something (their own root security certificate) that compromises the security of https. The result is that their government can eavesdrop on all traffic, encrypted or unencrypted. That's the story anyway.

Why can't Internet companies simply block the entire backward country? I can't imagine Borat's motherland traffic monetizes well anyway. You want to MITM? Fine, build your own Kazakh Google.

That would actually be a huge win for Kazakhstan. Much like China pushing people to use Baidu and other state friendly services instead of Western owned services.

While I applaud the privacy advocates, we knew this was coming when HTTP/2 (RFC 4750-4751) became an official standard in May 2015. The only way a country with limited bandwidth can operate a transparent proxy is to stick a new certificate in the root chain so that it can decode, cache and re-encode the traffic.

I don't like it anymore than anyone else, but I see a non-malicious purpose here.

Could this be used by the Kazakh government to sign malware/spying packages and install them on their citizens' machines? Sounds like a super easy way to open that backdoor.

Or is this a different type of cert? I'm thinking along the lines of what Dell and Lenovo were yelled at for (although those were easy to rip off, but the government could possibly serve as the malicious actor here).

Only if the cert also has code signing EKU. Then, in case of code signing trust bit not disabled in the cert manager, signed EXEs will appear with "verified publisher".

Google should come up with cheap satellite internet. This is the only way to bypass unruly governments.

But then you're at the mercy of the Google Republic.

Google already has your data anyway

Kyrgyz here. An evil lesson is soon learnt. It's highly possible that our regulators will try to push a similar bill.

Does it mean that using SSL the normal way will become impossible? I can't imagine this. How can this be enforced?

1) The only TLS connections that are let through are all MITM'd.

2) Every other TCP/UDP flow is checked for conformance with plain-text protocols (like HTTP), or far worse, simply for the level of entropy in the data.

3) A threat of legal action is made against anyone caught using secure crypto.

Good luck beating that. The key here is that the "entropy detector" doesn't "really" need to work. It only needs to work well enough to scare people into submission.

Here steganography comes into play - very easily implementable in the form of webcam streams bugged with usable data.

If all of their https traffic is compromised, would we not be able to break all of their financial traffic remotely?

Not necessarily, it just means that Kazakh citizens will have a root cert installed on their machine that will allow the government to MITM their https connections. The connection between the MITM and the client will be encrypted (just with the government-controlled cert instead of the server's cert), and the MITM will have an encrypted connection to the server. I suppose it is possible that the MITM could make an unencrypted connection to the server, but I don't know a good reason for the government to do that.

To what degree has the U.S. government, through the NSA et al, provided moral cover for this sort of thing?

Correct me if I'm wrong, but doesn't Android display a rather unnerving "someone might be spying on you" warning when custom root certs are installed? I'm looking forward to the reactions when every (Android-using) citizen of the country gets that warning.

Why? They would have already installed the root cert themselves and they'd know perfectly well that they are being spied on. It'd just be another annoying warning bar for them.

They installed the cert because they've been told to and because likely "the internet doesn't work" when they don't. But that doesn't imply they know what a root certificate actually does or what the consequences of adding new root certs are.

I installed some custom roots onto 4.4.2 the other night to MiTM some apps. I saw no obvious warnings at all.

I was referring to this: https://code.google.com/p/android/issues/detail?id=62644

I'm not sure what the current status of that warning is, however.

> secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.

I guess "coded" here means VPN as well...

Wonder how other countries' embassies will be connecting if they block all the encrypted connections? Everything through a satellite connection presumably.

They're unlikely to be using plain HTTPS for sensitive traffic, as that still divulges what sites you're visiting.

Technically it only divulges which IP addresses you're accessing. The URL, including domain name, in the request is encrypted.

Server Name Identification divulges the hostname (in the clear) during the key exchange.

> Wonder how other countries' embassies will be connecting if they block all the encrypted connections? Everything through a satellite connection presumably.

Or just getting official exceptions.

My first thought: any tech companies setting up offices in this country are probably out the window. However, more importantly, they just made it really easy for other governments to spy on them. In their zeal to protect national security, they have done just the opposite.

Not really - to anyone who doesn't possess the certificates used in MITM, the SSL traffic is just as impossible to decrypt as before.

And this, dear fellows, shows how effective it is to fight politics with technical solutions.

It seems they removed the page

Indeed. Even more strange is that they are handling it with a (temporary) redirect on that specific article.

  $ http --print h http://telecom.kz/en/news/view/18729
  HTTP/1.1 302 Moved Temporarily
  Connection: keep-alive
  Content-Length: 154
  Content-Type: text/html
  Date: Thu, 03 Dec 2015 08:41:31 GMT
  Location: http://telecom.kz/en
  Server: nginx

"from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS)"

So use Linux and you will be fine?

Slightly OT: if the bad guy can't fiddle with the trust store of your computer, what are his other methods of analysing a user's traffic? Is https breakable by other means?

They don't really have to force you to install that root cert. Every https connection will be signed with it, so you either trust that cert and can actually view the site (and the gov can read it all) or you don't and just get an error in your browser.

Everything is breakable, but some things take a really looong time to break. Governments might be able to break some weak https encryption, but not all.

You can inject hooks into the certificate validation routines to make your certificates accepted, hook the actual encrypt/decrypt functions, or make the session establishment routines leak the master secret.

I wonder if non-TLS based VPNs could be used around that? And if those are blocked, how hard would it be to build a SSL over HTTP proxy outside the country?

Is this different than the DoD having a root certificate in iOS (and I think Windows, too)? Couldn't the DoD also MITM the traffic any time they wish?

Yes and no.

At a basic level, yes, any CA can issue a certificate which can be used to launch a MITM attack. We trust that the CAs don't do this. If they're caught, the browser industry tends to revoke their CA status -- which is pretty bad for the CA's business model.

That said, the CAs have been under increased scrutiny lately, and browsers are starting to build additional protections against this kind of thing:

- Certificate pinning (HPKP) allows sites to restrict which certificates can be used for a specific host, even if the certificate is signed by a trusted system root. (Caveat: HPKP isn't enforced for local roots, installed by an admin. That's how Kazakhstan is able to get away with this, because they're asking users to install a new root manually.)

- Certificate Transparency is supposed to provide an audit log for CAs, so that any maliciously issued certificates can be detected and acted on.

That said, these features are new and not universally supported by all browsers. And neither would help in a case like Kazakhstan, where users are being asked to bypass security features and there's no system root to revoke.
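A pin check that does not depend on the device trust store at all, added here as an example (it is not code from any commenter): it fetches the leaf certificate the network actually serves, extracts the SubjectPublicKeyInfo with a minimal DER walk, and compares the HPKP-style SHA-256 pin against pins obtained out of band. The sample certificate it builds is a constructed DER skeleton for offline use, not a real or signed certificate.

```python
import base64
import hashlib
import socket
import ssl


def read_tlv(buf, pos):
    """Minimal DER walk: return (tag, content_start, content_end) of the TLV at pos.

    X.509 only uses single-byte tags, so no multi-byte tag handling is needed.
    """
    tag = buf[pos]
    first = buf[pos + 1]
    hdr = 2
    if first & 0x80:                      # long form: 0x8N followed by N length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    else:
        length = first
    start = pos + hdr
    return tag, start, start + length


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, pos, _ = read_tlv(cert_der, 0)            # outer Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, pos, tbs_end = read_tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("malformed tbsCertificate")
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                                # explicit [0] version, absent in v1 certs
        pos = end
    for _ in range(5):                             # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("malformed subjectPublicKeyInfo")
    return cert_der[pos:end]


def sha256_pin(spki_der):
    """HPKP-style pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def spki_pin(cert_der):
    return sha256_pin(extract_spki(cert_der))


def pin_matches(cert_der, expected_pins):
    """True if the served leaf's key matches one of the pins you obtained out of band."""
    return spki_pin(cert_der) in set(expected_pins)


def fetch_leaf_der(host, port=443, timeout=10):
    """Fetch the leaf certificate the network actually serves for host.

    Trust-store validation is deliberately off: an interposing root the device was
    told to install would pass it. The pin comparison is the check here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def tlv(tag, content):
    """DER-encode one TLV; used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_sample_cert(with_version=True):
    """Constructed DER skeleton in real X.509 field order; NOT a signed certificate.

    Key material is placeholder bytes, sized so the SPKI uses a long-form length.
    Returns (cert_der, spki_der).
    """
    rsa_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    key_bits = tlv(0x03, b"\x00" + b"\xaa" * 140)        # placeholder BIT STRING
    spki = tlv(0x30, rsa_alg + key_bits)
    version = tlv(0xA0, tlv(0x02, b"\x02")) if with_version else b""
    tbs = tlv(0x30, version
              + tlv(0x02, b"\x01")                        # serialNumber
              + tlv(0x30, b"") + tlv(0x30, b"")           # signature, issuer (placeholders)
              + tlv(0x30, b"") + tlv(0x30, b"")           # validity, subject (placeholders)
              + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00")), spki


if __name__ == "__main__":
    cert, spki = build_sample_cert()
    print("sample pin:", spki_pin(cert))
    # Real use, with pins for example.com obtained out of band (placeholder values):
    # print(pin_matches(fetch_leaf_der("example.com"), {"<pin1>", "<pin2>"}))
```

Against a network that rewrites certificates with a government root, pin_matches returns False even though the operating system reports the connection as valid.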

So how about hacking and leaking their certificate and then making all Kazakh government traffic vulnerable to public posting all over the internet?

That's just wrong and a really unpleasant slippery slope. I hope this causes a huge backlash from users and the internet at large.

Kazakhstan is an authoritarian state that censors. This is in no way or form slippery.

This is actually a huge improvement over the $5 wrench they used to use to decrypt personal communications.

Well any backlash from Kazakh users would land them in prison most likely.

My prediction : Indian government takes up this idea in the next 12 months. If this works this idea will spread.

I doubt it - the outsourcing industry would cry foul a million times over.

Maybe this will be what the UK government do as a 'relaxed' version of 'ban all crypto'.

They lack resources to crack it or otherwise do it in secrecy so they're demanding cooperation. Slick.

Did they just delete that news? Can't find the link on the telecom.kz website any more.

"SSL Added and Removed Here"


Would it affect vpn services as well? Sad to see more outrage here than in Kazakhstan

I think this would break, for example, mobile apps which use certificate pinning.

Any proof for that?

Does anyone have a copy of the original article?

Link redirects to the main page of the website.

They deleted the press release.

It's available on the Web archive: http://web.archive.org/web/20151202203337/http://telecom.kz/...

I wonder if they'll be checking the validity of the upstream cert?

How would this affect access to bitcoin/blockchains in Kazakhstan?

It won't. Bitcoin p2p traffic is unencrypted and does not use TLS.

Kazakh here as well.

Don’t bother. Nothing will happen. It’s just talk as always.

Aww but there's a kitten. This must be innocent.

Time for httpss:// (HTTP over TLS over TLS)!

All other countries have inferior surveillance.

This is such a bad idea!

At least they're fucking telling people they're doing it.

When I watched Borat I felt a little bad for the Kazakhstan government getting singled out like that for seemingly no reason. Now it feels incredibly satisfying.

I don't agree with all the comments here. A sovereign state decided to ensure all outgoing traffic is protected by a secure signature that is not possessed by foreign intelligence agencies or hackers (well, that's the idea).

It is a very cheap and effective way to achieve this.

Spying on the population is not prevented by GeoTrust and Cie's lousy certificates; a lot of literature and real life examples already show that. This is a tragedy of the commons: until everybody has access to REAL security, no country has an interest in having foreign powers spying on them while not even being able to do what everybody else does.

In France, Germany, Italy, Japan, Korea, Australia, etc, all of your data is already analyzed and deciphered, they freaking work together to make it less obvious than Kazakhstan. Don't make any mistake and don't call for overthrowing the regime there, it makes no sense.

From a citizen PoV, they became almost as watched over as we are for WWW traffic, but their lives are still not as much tracked as ours since they do not have the means of our agencies. They are still better off than us.

It doesn't protect from foreign intelligence agencies or hackers, because the connection is only encrypted by Kazakhstan's certificate up to the point where the MitM is performed by the government of Kazakhstan; from that point the connection to the website is encrypted with a valid certificate.

Even if what you said is true and western countries have the private encryption keys of all websites, I think that citizens of Kazakhstan would rather be spied on by foreign governments than by their own government.

> A sovereign state decided to ensure all outgoing traffic

Not "ensure". MITM. It provides no security benefits. But it might provide another attack surface for additional malicious adversaries (criminals and other governments).
