HTTPS is becoming increasingly important for every website out there on the internet and even on intranet sites. As HTTPS prevents eavesdropping and MiTM attacks. All major browsers discourage visiting HTTP-only websites and there are multiple initiatives to issue TLS/SSL certificates needed for HTTPS to as many websites as possible… except to websites based in US-sanctioned countries.

The prime example of excluded from the secure internet due to US sanctions is the DPRK. While the China-based DPRK website Uriminzokkiri has a valid TLS/SSL certificate, all DPRK-based websites such as Naenara, KCNA, Voice of Korea and Rodong Sinmun do not have access to any kind of TLS/SSL certificate.

What do we do? Try to take action via our US-based comrades? Try to start our own CA?

  • darkcalling@lemmygrad.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Starting your own CA would be pointless for those outside of the DPRK. It would get labeled as being used by “authoritarian regimes”, the technical people for Chrome, Firefox, Edge would ask why they should add it and act like it’s going to be used for nefarious ends and probably refuse to add it to their certificate stores.

    Without that and without a state-distributed operating system or state-browser bundle you can distribute to people with it pre-installed everyone would have to install the CA root, trust it in their browser, etc. And most people aren’t going to do that they’re just going to see the scary untrusted cert warning and back away from the website. Them adding untrusted CA generated certificates would literally hurt their ability to get people to look at them.

    • ChosonAdmin@lemmygrad.mlOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Yes, starting a CA just for DPRK/Russian/other US-sanctioned sites wouldn’t work, but having a large enough CA would make it impossible for Google/Mozilla/Microsoft to say no to the inclusion.

      As Let’s Encrypt (and the Internet Security Research Group) have been pushing HTTPS the most, I think we should apply pressure to them to relocate to a country that allows them to issue TLS certificates to websites based in US-sanctioned countries. As the ISRG is currently based in the US, I don’t think they can currently bypass those US sanctions despite them wanting to be as politically neutral as possible.