[gilgad13]

To do this, wouldn't they have to effectively block SSL and SSH connections as well? SSL is used in OpenVPN and some Cisco implementations. And we all know that you can tunnel any port over ssh.

Or is the plan that the punishment for stepping outside the lines be enough to keep people from experimenting with these technologies?

[dasil003]

Yes, I think they would need to block those as well in order to be effective.

Frankly I don't see how they could possibly get away with it. Businesses of any size can't run without encrypted channels. Proceeding with this seems sure way to smother any economic development and relegate the country to third-world backwater status for the foreseeable future. And is any world leader crazy enough to do that besides Kim Jong-il?

[anamax]

> Businesses of any size can't run without encrypted channels.

Sure they can - they did before the internet. (No, the postal mail is not secure.)

> Proceeding with this seems sure way to smother any economic development and relegate the country to third-world backwater status for the foreseeable future. And is any world leader crazy enough to do that besides Kim Jong-il?

Pretty much every "world leader" in the last 100 years (if not longer) has shown that s\he is willing to give up some economic development in return for control and other benefits. (They arguably give up more than they think that they're giving up, but that's a separate issue.) Disagree? Name three exceptions.

Besides, the effect on economic development in the short term will be almost unnoticable.

[dasil003]

My wording was ambiguous, I should have said of any significant size.

Anyway, "some economic benefit" is the understatement of the year. A multinational simply can not do business without secure communications. History is irrelevant; Wells Fargo wrote out every transaction on a slip of paper and manually reconciled it every night 50 years ago, but to do so today would be utterly impossible. In todays global economy, countries need to be able to do business with foreign companies or they will be a backwater plain and simple. China certainly makes some of the tradeoffs you are talking about, but do they outright ban secure communications? Of course not, because that would be suicidal.

[lukeschlather]

>Sure they can - they did before the internet. (No, the postal mail is not secure.)

It's several orders of magnitude more secure than plain http.

>Besides, the effect on economic development in the short term will be almost unnoticable.

India has to be chock full of nationalistic script kiddies and legitimate hackers who will have a field day wrecking Pakistan's online economy if they actually try to implement this plan.

[noonespecial]

As well they should. It's one thing to use your leet skillz on some bigco with the vague self-important notion that the man is oppressing the peepz, but how often do they get to go up against real, genuine Bad with a big b.

Anonymous has got some work to do.

[pavel_lishin]

From the article, it sounds more like Pakistan has banned all encryption than VPNs specifically - VPNs were just one example cited.

[swombat]

So, your answer is actually yes, even though it looks like a 'no' - i.e. they have banned SSL and SSH along with VPNs.

[kijin]

Hmm, that would mean no Gmail for anyone in Pakistan. Any service that uses SSL for logins would also become unusable if SSL was banned.

I don't see any mention of a wholesale ban on encryption, only the use of encryption for privacy purposes. So, port 443 might still be open. It's still pretty easy to distinguish between HTTPS traffic and VPN traffic, though.

[pavel_lishin]

Well, the article said:

> Authority prohibited usage of all such mechanisms including encrypted virtual private networks (EVPNs) which conceal communication to the extent that prohibits monitoring.

They sure can't monitor your email if you're using SSL, so I'd wager that yes, if you have gmail and live in Pakistan, now would be a great time to back it all up.

[pohl]

They sure can't monitor your email if you're using SSL...

That would have been my gut feeling until I saw this yesterday:

http://news.ycombinator.com/item?id=2938516

[jevinskie]

They could proxy the SSL connections and still let people log in while monitoring the traffic. Of course, your browser will complain if they rewrap it in SSL unless they get a cert like Iran did.

[jm4]

They don't need to do what Iran did. What Iran did was get a cert that was automatically trusted by nearly every web browser in the world because the issuer was a trusted CA by default. You only need a trusted cert if you don't want users to get a warning. Iran was trying to be sneaky. Pakistan is up front about wanting to monitor traffic. They can use any cert they want. They could use a self signed cert to proxy SSL. Sure, the browser will complain that it's not a trusted cert, but the government is already saying they are going to monitor everything. If users add the cert to the "trusted" list they won't get the warning anymore.

[rahoulb]

So no SSH and no accessing git servers. In other words goodbye to any software development industry in PK