Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
On Mon, Jul 21, 2014, at 13:12, Holger Levsen wrote:
> Hi Iain,
>
> On Sonntag, 20. Juli 2014, Iain R. Learmonth wrote:
> > The main one is that there are places in the world you just can't use HTTPS
> > for legal reasons [...]
>
> I'm curious, can you name one?
http://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography
And http://www.cryptolaw.org/cls2.htm
The usual suspects:
Belarus, Iran, Saudi Arabia (and I guess North Korea, but the use of
crypto
is probably OK if you are allowed to use a computer and connect to
outside
of the world anyway...)
But again this should not be a reason to not deploy encryption
everywhere.
The current problem with HTTPS is that it bundles encryption with
authenticity.
This needs to be unbundled[1]. My opinion is that even a transparent
opportunistic encryption (f.e. like DANE implementation in postfix)
would
improve the overall state of security.
1. I must admit that I haven't been able to monitor httpbis progress on
this
topic.
Ondrej
--
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Reply to: