Menu
Chinese Internet authority clashes with Google over digital certificates

Chinese Internet authority clashes with Google over digital certificates

Google's Chrome will no longer recognize new digital certificates issued by CNNIC

A Chinese Internet administrator blasted Google on Thursday, after the U.S. search giant decided to stop recognizing digital certificates issued by the group following a security lapse.

"The decision that Google has made is unacceptable and unintelligible," China's Internet Network Information Center (CNNIC) said in an online posting.

Google's decision means that its Chrome browser could end up clashing with sites served by the Chinese Internet agency.

On Wednesday, Google explained the move in an update to an earlier blog posting. The company is still concerned by the way CNNIC issued a certificate to an IT company based in Egypt that misused it in a botched security test.

Google and CNNIC conducted a joint investigation, but despite the effort, the U.S. company decided to drop the Chinese Internet agency as a recognized root certificate authority.

However, Google signaled that this was only a temporary measure. For a limited time, the Chrome browser will trust existing CNNIC-issued certificates.

"We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place," Google added.

If a standoff ensues, Google's decision has the potential to hamper the Chinese Internet agency's reach. Upon encountering new CNNIC-issued certificates, the Chrome browser will issue a warning, alerting the user to the access risks.

The digital certificates are important, because if abused, they could be deployed to conduct hacking attacks against unsuspecting users.

CNNIC administers China's Internet infrastructure, and runs the .cn domain name system. But the agency is also linked with the Chinese government, which has been accused of launching cyberattacks against U.S. companies and activist groups.

This recent dispute, however, has more to do with the potential for abuse than any actual hacking attempt.

Last month, CNNIC issued a so-called intermediate CA certificate to an Egyptian IT company called MCS Holdings for internal testing, but the company then used it for other purposes. Intermediate certificates allow their owners to issue certificates for any domain names on the Internet, so their use should be strictly controlled.

Following the incident, CNNIC revoked the certificate. MCS Holdings attributed the misuse to human error.

On Thursday, CNNIC said customers issued with existing certificates would not be affected by Google's decision. But the Internet agency could face trouble in securing new customers.

By dropping CNNIC, Google is indirectly driving more business to competing certificate authorities, said F-Secure security advisor Su Gim Goh.

"You will most likely want to purchase from someone else, so that your business won't be affected," Goh said, adding. "It's definitely an interesting move, let's see what the other browsers do."

Microsoft and Mozilla did not immediately respond for comment. Last month, Mozilla also took action and revoked the CNNIC-issued certificate misused by MCS Holdings.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags regulationinternetGoogleAccess control and authenticationMCS HoldingsChina's Internet Network Information Center (CNNIC)

Featured

Slideshows

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Meet the winners of the 2020 Reseller News Innovation Awards

Meet the winners of the 2020 Reseller News Innovation Awards

Reseller News honoured the standout players of the New Zealand channel in front of more than 500 technology leaders in Auckland on 21 October, recognising the achievements of top partners, start-ups, vendors, distributors and individuals.

Meet the winners of the 2020 Reseller News Innovation Awards
Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Show Comments