[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only

On Mon, Jul 21, 2014, at 13:12, Holger Levsen wrote:
> Hi Iain,
> On Sonntag, 20. Juli 2014, Iain R. Learmonth wrote:
> > The main one is that there are places in the world you just can't use HTTPS 
> > for legal reasons [...]
> I'm curious, can you name one?


And http://www.cryptolaw.org/cls2.htm

The usual suspects:

Belarus, Iran, Saudi Arabia (and I guess North Korea, but the use of
is probably OK if you are allowed to use a computer and connect to
of the world anyway...)

But again this should not be a reason to not deploy encryption

The current problem with HTTPS is that it bundles encryption with
This needs to be unbundled[1]. My opinion is that even a transparent
opportunistic encryption (f.e. like DANE implementation in postfix)
improve the overall state of security.

1. I must admit that I haven't been able to monitor httpbis progress on

Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Reply to: