 | | Iran not the only one, China kinda does it too If you are ever in the unfortunate position of having to set up SSL to be used by Chinese internet users, you are in for a surprise.
You cannot just get around the great firewall of China by using SSL. You must get approval from Chinese authorities which usually means letting them decrypt and inspect traffic. In fact I think encryption is licensed, which means that websites cannot use encryption without a license.
Iran may be a tad worse but it's certainly not something new. | |
|
 |  fuziwuziNot born yesterdayPremium
join:2005-07-01
Atlanta, GA | Re: Iran not the only one, China kinda does it too Perhaps for SSL, but VPN use in China is very widespread. My partner uses VPN daily to access sites outside of China that would otherwise be blocked. I've personally used a VPN while there, as well. Common proxies won't work, but OpenVPN is easily used by millions of Chinese netizens daily.
--
Teabaggers: Destroying America is Priority #1 | |
|
| | | said by fifty nine:If you are ever in the unfortunate position of having to set up SSL to be used by Chinese internet users, you are in for a surprise.
You cannot just get around the great firewall of China by using SSL. license.
I've got corporate users over in China using SSL/TLS for email, extranet (web), and VPN--all with apparently no problem. If my users were unable to use those technologies, I don't see how we could possibly conduct business there. | |
|
| | | | Re: Iran not the only one, China kinda does it too said by jseymour:said by fifty nine:If you are ever in the unfortunate position of having to set up SSL to be used by Chinese internet users, you are in for a surprise.
You cannot just get around the great firewall of China by using SSL. license.
I've got corporate users over in China using SSL/TLS for email, extranet (web), and VPN--all with apparently no problem. If my users were unable to use those technologies, I don't see how we could possibly conduct business there. You can absolutely use those technologies but the authorities are deeply involved. They must be given the encryption keys on demand and need to know how and where encryption is being used. | |
|
| | | When I visited China every https site that I attempted to access on my laptop would hang. | |
|
| | fuziwuziNot born yesterdayPremium
join:2005-07-01
Atlanta, GA | Re: Iran not the only one, China kinda does it too said by hoyleysox:When I visited China every https site that I attempted to access on my laptop would hang.
Very few sites I use had that issue. My partner and I can access our bank accounts at Wells Fargo (which is obviously HTTPS) without using VPN. Many other HTTPS sites are also available. Only a few blocked sites require the use of a VPN for access.
--
Teabaggers: Destroying America is Priority #1 | |
|
| | | | | Re: Iran not the only one, China kinda does it too said by fuziwuzi:said by hoyleysox:When I visited China every https site that I attempted to access on my laptop would hang.
Very few sites I use had that issue. My partner and I can access our bank accounts at Wells Fargo (which is obviously HTTPS) without using VPN. Many other HTTPS sites are also available. Only a few blocked sites require the use of a VPN for access. It's not impossible to use SSL in China. However, it is heavily regulated.
If it works, WF probably just got a license, which means that the chinese authorities can likely see your banking transactions if they wanted to. | |
|
| | | | fuziwuziNot born yesterdayPremium
join:2005-07-01
Atlanta, GA | Re: Iran not the only one, China kinda does it too said by fifty nine:said by fuziwuzi:said by hoyleysox:When I visited China every https site that I attempted to access on my laptop would hang.
Very few sites I use had that issue. My partner and I can access our bank accounts at Wells Fargo (which is obviously HTTPS) without using VPN. Many other HTTPS sites are also available. Only a few blocked sites require the use of a VPN for access. It's not impossible to use SSL in China. However, it is heavily regulated. If it works, WF probably just got a license, which means that the chinese authorities can likely see your banking transactions if they wanted to. I highly doubt every site I use "got a license" from the Chinese gov't. I don't know about Wells Fargo except that they do have a business arrangement with Agricultural Bank of China, which is convenient. We can transfer funds between our Wells Fargo and ABC accounts without any fees. I would find it rather incredible if Wells Fargo knowingly allowed "spying" on their customer's online activity.
--
Teabaggers: Destroying America is Priority #1 | |
|
| | | You've obviously never been to China. | |
|
| | | | Re: Iran not the only one, China kinda does it too said by DataRiker:You've obviously never been to China.
And you obviously have no clue how SSL works and why the Chinese Gov't can decrypt your SSL session quite easily. | |
|
| | |
4 edits | Re: Iran not the only one, China kinda does it too Quite frankly you got caught making shit up. I've used SSL from South China on a number of occasions to the US.
Never had a problem, and the sites I use support TLS 1.2.
As far as I know there are no outstanding exploit issues known with a fully 1.2 complaint browser. ( IE for example ) | |
|
 KrKHeavy Artillery For The Little GuyPremium
join:2000-01-17
Tulsa, OK | Coming soon to the USA.... Wonder how long before they rule that people using encryption in the USA are obviously criminals and terrorists and begin following the "trailblazing" path of Iran.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini
| |
|
| |
| | | | Re: Coming soon to the USA.... They can do SSL within the country probably because the government has some sort of back door into those sites. They can't do SSL when you go beyond the borders of Iran. | |
|
| | |  NickDPremium
join:2000-11-17
Princeton Junction, NJ | Re: Coming soon to the USA.... The US allows 128 bit encryption within the country but forbids the export of anything stronger than 64 bit. | |
|
| | | patcat88
join:2002-04-05
Jamaica, NY
kudos:1 | Firefox comes with the Chinese backdoor certificate right out of the box. | |
|
| fuziwuziNot born yesterdayPremium
join:2005-07-01
Atlanta, GA | said by KrK:Wonder how long before they rule that people using encryption in the USA are obviously criminals and terrorists and begin following the "trailblazing" path of Iran.
Actually, the way SOPA/PIPA was worded, it could have been interpreted as making the use of VPN or other encrypted transmissions illegal. Don't think for a minute those behind SOPA/PIPA/ACTA wouldn't make it so.
--
Teabaggers: Destroying America is Priority #1 | |
|
 fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 | anti-piracy measure Iran did this to prevent illegal distribution of movies and music, both of which are equivalent to cyberterrorism
--
hey Dale | |
|
| | | Re: anti-piracy measure This guy is this site's lead mod?
This explains everything. | |
|
| | fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 | Re: anti-piracy measure Sarcasm has eluded you. | |
|
| | | | | Re: anti-piracy measure This is false. With text, some indication of sarcasm is required - particularly on the Internet, where idiots abound.
I've seen serious comments like that from posters on this website before. | |
|
| | | | CXM_SplicerLooking at the bigger picturePremium
join:2011-08-11
NYC
kudos:1 | Re: anti-piracy measure It gave me a chuckle  I think you are right though... idiots are abound. | |
|
| | | | |
| | | | | |
| | | |
| | | | Fatness is good people Xizer and has personally helped me on this site before. | |
|
| | | | | Re: anti-piracy measure On the other hand, his stooges have deleted countless numbers of my posts. | |
|
| | | | fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 | Re: anti-piracy measure I don't blame you for being embarrassed at missing the sarcasm others picked up. Good move to change the topic.
--
hey Dale | |
|
|
rradina
join:2000-08-08
Chesterfield, MO | Obfuscated Proxy I think this is an interesting idea but it probably won't be long before they figure out a way to detect and block it. Although it might be possible to create something like this that's impossible to detect, it would be at the cost of seriously exploding the size of the data needed to transfer even trivial information. For instance, send a whole page worth of data that contains just a few actual words embedded in random places. After hundreds of pages, the few words make a page. But that's really wasteful. So wasteful that might be it's Achilles heal and lead to detection.
Probably just better to get satellite service from an adjacent country that doesn't censure -- unless the government has figured out a low power way to disrupt those services too. | |
|
| KrKHeavy Artillery For The Little GuyPremium
join:2000-01-17
Tulsa, OK | Re: Obfuscated Proxy said by rradina:Probably just better to get satellite service from an adjacent country that doesn't censure --
Under Pain of Death
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini
| |
|
| | When your faith is weak, your fear is great. | |
|
moes
join:2009-11-15
Indianapolis, IN Reviews:
 ·Revol Wireless
 ·AT&T DSL Service
 ·Comcast
| subject There country, there rules, they either play by them or do not play at all. it's just how things are and yes I know it's not right, but at the same time they are the ones who are putting up with that kind of goverment and what they enforce. so once they can over throw or what ever they can do away with silly things such as this. | |
|
| | | Re: subject their, not there | |
|
| | moes
join:2009-11-15
Indianapolis, IN | Re: subject Please do not correct my spelling, I have some issues with certain words, I thank you for understanding. | |
|
| | for the stupid ya guys do know that there are ways to decrypt https ssl without your permission a kind of man in middle trick
it can be avoided but i bet 99.9% of ya don't even know what i am talking about....
AND i would assume htat anything to be safeguarded woudl have to be encrypted before it touched hte net two ways to sundown and then encrypted with non standard web servering custom made. kind alike some er um NASA files...( did i say that out loud )
haha what you dont know.....security via hte web can be had only how useful will your web be? Answer almost useless..... | |
|
| | | Re: for the stupid oh hai
then why block at all? seems like a great way for an authoritarian government to secretly crack down on dissidents | |
|
|
| | | Re: Nukes Exactly what I was thinking!! | |
|
| | It's not right My gosh, that's crazy. Why even bother having "Internet" If anything, by now EVERYTHING you do online should be using some kinda SSL. It only makes sense. I guess the Internet will be the death of commy..... lol | |
|
|
|
·
