Media reports that proposed Russian legislation would ban certain kinds of encrypted Internet connections are part of a worrying trend of banning new open security standards; standards which were developed to make the Internet more safe and secure.
The proposed ban would prohibit the use of any encryption protocol that hides the name or identifier of a destination web page or site. This would affect connections such as HTTPS (web) connections using Transport Layer Security (TLS) version 1.3 that also use a setting called encrypted server name indication (ESNI), as well as protocols such as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) – which encrypt DNS queries.
Businesses are increasingly adopting secure protocols like TLS 1.3 because it improves the security, privacy, and performance of websites and is widely used in web browsers and server software. Similarly, web browsers, ISPs and others are adopting DoH and DoT to improve the security and privacy of their users’ browsing history and DNS lookups, ensuring that the sites they visit are kept out of the eyes of eavesdroppers. Blocking the use of TLS 1.3, DoH and DoT will make the Internet less secure in Russia by forcing users to send data with lower levels of security or no security at all.
With more people than ever relying on the Internet to work and study from home, it is critical to make sure the Internet is as secure and reliable as possible and that businesses, their customers, and trading partners can conduct e-commerce safely. Forcing business to be less secure online is dangerous and counter-productive. It not only threatens the country’s economic development, but undermines the Internet’s global foundation. It would further fragment the Internet, leaving parts of the world with a “more secure” Internet and others with a “less secure” Internet.