Menu
Chinese Internet authority clashes with Google over digital certificates

Chinese Internet authority clashes with Google over digital certificates

Google's Chrome will no longer recognize new digital certificates issued by CNNIC

A Chinese Internet administrator blasted Google on Thursday, after the U.S. search giant decided to stop recognizing digital certificates issued by the group following a security lapse.

"The decision that Google has made is unacceptable and unintelligible," China's Internet Network Information Center (CNNIC) said in an online posting.

Google's decision means that its Chrome browser could end up clashing with sites served by the Chinese Internet agency.

On Wednesday, Google explained the move in an update to an earlier blog posting. The company is still concerned by the way CNNIC issued a certificate to an IT company based in Egypt that misused it in a botched security test.

Google and CNNIC conducted a joint investigation, but despite the effort, the U.S. company decided to drop the Chinese Internet agency as a recognized root certificate authority.

However, Google signaled that this was only a temporary measure. For a limited time, the Chrome browser will trust existing CNNIC-issued certificates.

"We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place," Google added.

If a standoff ensues, Google's decision has the potential to hamper the Chinese Internet agency's reach. Upon encountering new CNNIC-issued certificates, the Chrome browser will issue a warning, alerting the user to the access risks.

The digital certificates are important, because if abused, they could be deployed to conduct hacking attacks against unsuspecting users.

CNNIC administers China's Internet infrastructure, and runs the .cn domain name system. But the agency is also linked with the Chinese government, which has been accused of launching cyberattacks against U.S. companies and activist groups.

This recent dispute, however, has more to do with the potential for abuse than any actual hacking attempt.

Last month, CNNIC issued a so-called intermediate CA certificate to an Egyptian IT company called MCS Holdings for internal testing, but the company then used it for other purposes. Intermediate certificates allow their owners to issue certificates for any domain names on the Internet, so their use should be strictly controlled.

Following the incident, CNNIC revoked the certificate. MCS Holdings attributed the misuse to human error.

On Thursday, CNNIC said customers issued with existing certificates would not be affected by Google's decision. But the Internet agency could face trouble in securing new customers.

By dropping CNNIC, Google is indirectly driving more business to competing certificate authorities, said F-Secure security advisor Su Gim Goh.

"You will most likely want to purchase from someone else, so that your business won't be affected," Goh said, adding. "It's definitely an interesting move, let's see what the other browsers do."

Microsoft and Mozilla did not immediately respond for comment. Last month, Mozilla also took action and revoked the CNNIC-issued certificate misused by MCS Holdings.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags regulationinternetGoogleAccess control and authenticationMCS HoldingsChina's Internet Network Information Center (CNNIC)

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments