HTTPS is becoming increasingly important for every website out there on the internet and even on intranet sites. As HTTPS prevents eavesdropping and MiTM attacks. All major browsers discourage visiting HTTP-only websites and there are multiple initiatives to issue TLS/SSL certificates needed for HTTPS to as many websites as possible… except to websites based in US-sanctioned countries.
The prime example of excluded from the secure internet due to US sanctions is the DPRK. While the China-based DPRK website Uriminzokkiri has a valid TLS/SSL certificate, all DPRK-based websites such as Naenara, KCNA, Voice of Korea and Rodong Sinmun do not have access to any kind of TLS/SSL certificate.
What do we do? Try to take action via our US-based comrades? Try to start our own CA?
Knowing very little of the specifics, it would be trivial for the DPRK to set up their own CA. They probably do have a CA. The issue is that Western software distributors (operating systems, browsers, etc) probably wouldn’t want to include DPRK CAs in their CA stores. Likewise, organizations within the DPRK probably don’t trust CAs located in the West, even if they are operated by nominally allied organizations. This problem can be solved by including their domestic CAs in software distributions (they have their own Linux distro, after all) and distributing tools to easily install them on other operating systems.
Do you know if this applies just to outward-facing websites, or is this a problem across the board on their domestic networks?