Google in Web Security Dispute with China’s CNNIC

By

Google recently posted on its official security website that it would no longer recognize the China Internet Network Information Center (CNNIC) certificate authorities which was the result of a joint investigation which was conducted between the company and CNNIC.

Following these reports, a Chinese Internet controller slammed the decision as "unacceptable" which could deter Chrome browser users to access websites approved by the authority. With this, users of Google Chrome which is considered as the World's Top Internet Browser may get a pop-up message alert or warning when attempting to visit websites certified by CNNIC.

CNNIC was quoted as saying "The decision that Google has made is unacceptable and unintelligible." CNNIC's certificates went under scrutiny recently after an official Google blog post mentioned that they have discovered that on March 20, Chinese agency permitted Cairo-based MCS Holdings to issue unauthorized certificates for various Google domains.

Google further reiterated that MCS used the certificates for a man-in middle proxy. CNNIC, on the other hand defended that they had only agreed to issue a certificate to MCS with a condition that the company would only issue certificates for the domains they have registered. MCS intercepted connections on the contrary, by disguising to be the intended destination for users. Google denounced this statement and called it "a serious breach" for all major browsers and OS (Operating Systems) recognized CNNIC certificates.

Adam Langley, a security engineer at Google said, "This explanation is congruent with the facts. However, CNNIC still delegated their substantial authority to an organization that was not fit to hold it."

In other related news, Microsoft Corp. and Mozilla also removed trust of those unauthorized certificates following Google's official blog post about the incident. Firefox maker, Mozilla just joined Google in shunning CNNIC's certificate authority. The unauthorized SSL certificates could be used to trick users into connecting t bogus, password-stealing Gmai.com or Google.com websites.

In the year 2010, Google shut down its local search engine in China over censorship issues, and most of its services remain inaccessible in China.

Tags
Google, Google Chrome

© 2024 VCPOST.com All rights reserved. Do not reproduce without permission.

Join the Conversation

Real Time Analytics