Russia could make 'secure internet communication illegal', AWS and Cloudflare also covered?

It is reported that the Russian government is working towards enacting a revised bill that partially bans technology that encrypts Internet communications. This may prevent communication within the territory of the Russian government with confidential

identifiers, which can be called the names of web pages and sites.

Proposed Russia law to ban secure encryption protocols
(PDF file)

Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI | ZDNet

Russia's Digital Development Ministry wants to ban the latest encryption technologies from the RuNet — Meduza

On September 22, 2020, IT news site ZDNet issued a (PDF file) amendment bill to the ' Russian Federal Law on Information, Information Technology and Information Protection ' prepared by the Ministry of Digital Development, Communications and Mass Communication of Russia. I reported that I got it.

According to ZDNet, the revised bill targets communication technologies such as TLS 1.3 , DoH , DoT and ESNI . The revised bill does not completely prohibit the use of such communication technology, but prohibits the confidentiality of web page identifiers through encryption.

With HTTPS , which is commonly used in recent years, the risk of eavesdropping on the communication content itself is low because the traffic is encrypted. However, there is a method to identify the website that the user is trying to access, such as by analyzing an unencrypted DNS query.

To avoid this risk of eavesdropping, DoH and DoT are communication technologies that encrypt DNS queries to improve security. Similarly, with TLS 1.3 and ESNI, it is possible to encrypt the handshake by the communication protocol TLS so that the website that the user is visiting cannot be identified.

In a document obtained by ZDNet, the Russian government said, 'The use of these cryptographic techniques reduces the effectiveness of existing filtering systems that monitor traffic. As a result, distribution within Russia is restricted or banned. It has become extremely difficult to identify sources on the Internet, including the information that is being used, 'he insisted on the need to ban the use of encryption technology.

Dmitry Belyavsky, who is involved in the development of the encryption system, told Meduza, a news site dealing with Russian information, 'When the revised bill is passed, all the encryption technologies such as DoH and DoT will be used in Russia. Sites will become illegal and blocked, and it is not possible to block just the site, so just using encryption technology will block the entire hosting provider's subnet. As a result, the Russian government will block the entire range of IP addresses such as Amazon Web Services (AWS) , Cloudflare , and Digital Ocean , which will hurt users. '

The revised bill of the Russian government will be deliberated again after accepting public comments until October 5, 2020. 'Given the strategic, political and informational interests of the legislative changes, it's almost certain that the bill will pass Congress,' ZDNet said of the possibility of the bill being passed.

in Web Service,   Security, Posted by log1l_ks