Another requirement to use domestic encryption tools
Vladimir Putin signed a personal instruction to Prime Minister Dmitry Medvedev (and not the government, which would be logical) to provide “a set of measures necessary for the transition of the authorities to use Russian cryptographic algorithms and encryption tools”
Comments on this request have already appeared. Let's say it here . As they say - about the benefits of reading the source.
So in the comments it is noted that “the government, or rather the Prime Minister personally, was entrusted with only one thing - to gradually transfer the federal executive bodies, state bodies of the constituent entities of the Russian Federation, state extra-budgetary funds, local governments to domestic cryptography with the interaction between themselves, with organizations and citizens. ” In fact, the order says something completely different and much more interesting:
That is, the Prime Minister was personally entrusted with providing preparation for the transition, and not the transition itself. There is no talk about the timing of the transition. Nuance however.
Another nuance is the absence in the order of the requirement to use certified software. But according to FZ-149, the listed organizations must use certified funds. It would be logical to instruct to find out the reasons for the failure to comply with the law and punish the perpetrators ...
Another turn in the use of certified funds? I would like, but it is unlikely.
The president further indicates that:
Very interesting item. Can public services be accessed only using Russian encryption tools? Interestingly, the president points to provide access, not software development. Is it supposed that there are such tools for all platforms? Again, it is not indicated that the funds must be certified. An interesting nuance.
By the way, a legal way to apply for the provision of such software. But only after the new year.
It is interesting that in addition to cryptographic means of protection, it is required to prevent the use of means such as man-in-the-middle and similar. Judging by the wording, the burden will fall on the providers that provide data transfer.
The order must be completed by December 1, 2017.
Comments on this request have already appeared. Let's say it here . As they say - about the benefits of reading the source.
So in the comments it is noted that “the government, or rather the Prime Minister personally, was entrusted with only one thing - to gradually transfer the federal executive bodies, state bodies of the constituent entities of the Russian Federation, state extra-budgetary funds, local governments to domestic cryptography with the interaction between themselves, with organizations and citizens. ” In fact, the order says something completely different and much more interesting:
Ensure the development and implementation of a set of measures necessary for the phased transition of federal executive bodies, state authorities of the constituent entities of the Russian Federation, state extra-budgetary funds, local governments to use Russian cryptographic algorithms and encryption tools as part of the exercise of authority in electronic interaction with each other, with citizens and organizations.
That is, the Prime Minister was personally entrusted with providing preparation for the transition, and not the transition itself. There is no talk about the timing of the transition. Nuance however.
Another nuance is the absence in the order of the requirement to use certified software. But according to FZ-149, the listed organizations must use certified funds. It would be logical to instruct to find out the reasons for the failure to comply with the law and punish the perpetrators ...
Another turn in the use of certified funds? I would like, but it is unlikely.
The president further indicates that:
1) the provision of free access to citizens of the Russian Federation to use Russian encryption tools for electronic interaction with public authorities and local authorities;
Very interesting item. Can public services be accessed only using Russian encryption tools? Interestingly, the president points to provide access, not software development. Is it supposed that there are such tools for all platforms? Again, it is not indicated that the funds must be certified. An interesting nuance.
By the way, a legal way to apply for the provision of such software. But only after the new year.
2) legislative measures to exclude the use of equipment that allows third parties to interfere with the operation of cryptographic protocols when transmitting data using a public communications network, except in cases when agencies engaged in operational-search activities take measures to remove information from technical communication channels in accordance with requirements of the legislation of the Russian Federation.
It is interesting that in addition to cryptographic means of protection, it is required to prevent the use of means such as man-in-the-middle and similar. Judging by the wording, the burden will fall on the providers that provide data transfer.
The order must be completed by December 1, 2017.