Menu
Chinese Internet authority clashes with Google over digital certificates

Chinese Internet authority clashes with Google over digital certificates

Google's Chrome will no longer recognize new digital certificates issued by CNNIC

A Chinese Internet administrator blasted Google on Thursday, after the U.S. search giant decided to stop recognizing digital certificates issued by the group following a security lapse.

"The decision that Google has made is unacceptable and unintelligible," China's Internet Network Information Center (CNNIC) said in an online posting.

Google's decision means that its Chrome browser could end up clashing with sites served by the Chinese Internet agency.

On Wednesday, Google explained the move in an update to an earlier blog posting. The company is still concerned by the way CNNIC issued a certificate to an IT company based in Egypt that misused it in a botched security test.

Google and CNNIC conducted a joint investigation, but despite the effort, the U.S. company decided to drop the Chinese Internet agency as a recognized root certificate authority.

However, Google signaled that this was only a temporary measure. For a limited time, the Chrome browser will trust existing CNNIC-issued certificates.

"We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place," Google added.

If a standoff ensues, Google's decision has the potential to hamper the Chinese Internet agency's reach. Upon encountering new CNNIC-issued certificates, the Chrome browser will issue a warning, alerting the user to the access risks.

The digital certificates are important, because if abused, they could be deployed to conduct hacking attacks against unsuspecting users.

CNNIC administers China's Internet infrastructure, and runs the .cn domain name system. But the agency is also linked with the Chinese government, which has been accused of launching cyberattacks against U.S. companies and activist groups.

This recent dispute, however, has more to do with the potential for abuse than any actual hacking attempt.

Last month, CNNIC issued a so-called intermediate CA certificate to an Egyptian IT company called MCS Holdings for internal testing, but the company then used it for other purposes. Intermediate certificates allow their owners to issue certificates for any domain names on the Internet, so their use should be strictly controlled.

Following the incident, CNNIC revoked the certificate. MCS Holdings attributed the misuse to human error.

On Thursday, CNNIC said customers issued with existing certificates would not be affected by Google's decision. But the Internet agency could face trouble in securing new customers.

By dropping CNNIC, Google is indirectly driving more business to competing certificate authorities, said F-Secure security advisor Su Gim Goh.

"You will most likely want to purchase from someone else, so that your business won't be affected," Goh said, adding. "It's definitely an interesting move, let's see what the other browsers do."

Microsoft and Mozilla did not immediately respond for comment. Last month, Mozilla also took action and revoked the CNNIC-issued certificate misused by MCS Holdings.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags GoogleregulationMCS HoldingssecurityAccess control and authenticationgovernmentChina's Internet Network Information Center (CNNIC)internet

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments