Hacker News new | comments | ask | show | jobs | submit login

So like, what's the plan for people visiting Kazakhstan here? Install some rando's SSL certificate in your trust store or just not be allowed to access the internet?

They're likely only intercepting known https traffic (port 443). If you use a VPN and tunnel all traffic you probably won't have any issues.

If a nation-state with the resources of China has come up with a system that can still be (albeit nontrivially) bypassed then I would imagine Kazakhstan will have a much-less-sophisticated first iteration.

Kazakhstan is quite the friend of china IIRC. They may have gotten their solution too as a goodwill gesture. Or this is on top of it.

I lived in Kazakhstan for a few months, and I think they're already blocking VPN traffic with deep packet inspection. I tried a number of different services, including setting up my own on Digital Ocean.

I use my OpenVPN VPS without any troubles.

Install the certificate, then route all your connections through a tunnel. Multiple options are available like openvpn, shuttle[1], etc..

[1] https://github.com/apenwarr/sshuttle/

I assumed that they would refuse to serve traffic that they couldn't decrypt with this certificate.

Not all traffic relies on certificates. Not all traffic relies on known PKI structures. Most known protocols this doesn't apply to: ssh, various vpns.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact