30 July 2019
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.
In Kazakhstan, Internet connections via HTTPS are partly intercepted. According to various reports, providers in the central Asian country have asked their customers to install a special root certificate in their browsers that enables the interception. This first became known to a wider audience due to a bug report in Mozilla’s bug tracker. Mozilla hasn’t yet decided how to react, but several users have asked Mozilla to block the certificate in question.
A report published by the Censored Planet organization includes technical details about the interception. According to the report, the interception only happens on certain domains, which include several Google services, Facebook, Twitter, and several hosts of the Russian social network VK.
Reports about Kazakhstan trying to intercept user traffic this way aren’t new. In 2015, a message appeared on the web page of Kazakhtelecom asking users to install a root certificate. However, shortly afterward the message disappeared and it seemed the government had given up on its plans for a few years.
The technique of using manually installed root certificates to intercept HTTPS traffic isn’t unusual, although it’s controversial. Many security products used in larger companies operate the same way to analyze user traffic.
This subscription is just for the newsletter; we won't send you anything else.
Designed by Ivan Ristić, the author of SSL Labs, Bulletproof TLS and PKI, and Hardenize, our course covers everything you need to know to deploy secure servers and encrypted web applications.
Remote and trainer-led, with small classes and a choice of timezones.
Join over 1,500 students who have benefited from more than a decade of deep TLS and PKI expertise.