jinseokim | 3 years ago

Well... SSL was unsafe then.

The problem came from U.S. cryptography export regulations, which made exportable cryptographic algorithms feasible to crack. The bundled Internet Explorer didn't support good algorithms on SSL.

So the South Korean government wanted to add another security layer. They wanted to state a "good to go" algorithm (just like FIPS did), so they built and recommended the encryption algorithm SEED. And it required ActiveX, because 128-bit cryptography in JavaScript was infeasible then.

The real problem of South Korea is the slowness of deprecation.

They deprecated ActiveX (and created NPAPI or WebSocket on localhost) in 2014. After Microsoft deprecated Windows XP, they established a "Windows XP Task Force" to respond to security issues with Windows XP computers at government agencies. Yeah, this was fairly late, considering MS declared the Windows XP deprecation schedule in 2007.

IE/ActiveX/Java Applet/etc. algorithms still aren't completely deprecated in Korea. NEIS, a gigantic service used by every K-12 school to record and manage education-related information, still uses technology based on Internet Explorer by using the IE compatibility mode of MS Edge. Repeat, EVERY K-12 school teacher and staff member uses this service, with IE compatibility mode.

I want South Korea to adopt new technology and deprecate the old more in due course. I mean, they should accept that TLS provides decent end-to-end encryption, and they should recognize that Triple DES is deemed an unsafe algorithm.
