A Chinese Internet regulator declared Google’s decision of ceasing to recognize its trust certificates as unacceptable, as it would discourage Chrome browser users from logging in on sites covered by their authority.
On Wednesday, a post on Google’s official security blog declared that China Internet Network Information Center’s (CNNIC) certificate authorities will no longer be recognized. Their decision followed a thorough investigation into a claim that CNNIC was responsible for a potential security lapse in March.
One of the direct consequences of this resolution is that some users of Google’s Chrome, ranked as world’s number one Internet browser, might be warned if they attempt to access sites covered by CNNIC. So far, it’s not very clear how many websites this situation implies, and how many warning messages will be displayed.
CNNIC is a major player involved in China’s Internet administering, focusing on allocation and certification of web domain names and IP addresses. Following Google’s decision, the company urged them to reconsider in light of user rights and interests. CNNIC also released a statement on its website, calling Google’s ruling “unintelligible”.
Most of CNNIC’s certificates are designed to make sure the connection between Internet users and websites is secure, and their ability to respect that very goal was put under scrutiny last week. Google claimed the Chinese agency had broken their users’ trust by allowing MCS Holdings to release unauthorized certificates for some of Google’s domains.
Google’s policy of making Internet connections secure by avoiding ‘man-in-the-middle’ hacking attacks had been broken; such attacks are very harmful, as they can intercept and modify communications.
It was not only Google Chrome that changed its stance towards CNNIC, but also Microsoft Corp and Mozilla, the top of world’s most-used web browsers; they have also denied trust of those unauthorized certificates, following Google’s official blog post.
There is still some good news for CNNIC, as Google stated that they will consider a reapplication for recognition is the Chinese provider will fix their procedural controls and becomes suitable again from the technical point of view.
MCS Holdings also released a statement on its official website, explaining that the security lapse was a mistake, as they were trying to test the certificates issued to it by CNNIC; instead of making on the public domain, the testing was supposed to be confined in a controlled environment.
Due to censorship concerns, local Google search engine has been shut down ever since 2010, and most of the services and features offered by the company are inaccessible in China.
Image Source: News China