Google blacklists China's main digital certificate authority CNNIC2015-04-02 10:25 by Daniela
Google has announced that it will no longer recognize digital security certificates from the China Internet Network Information Center (CNNIC). CNNIC is the agency that manages the .cn domain and is also China's main digital certificate authority.
The reason for the decision is the Egyptian certification outfitc MCS Holdings, which issued insecure certificates but despite that, succeeded to get CNNIC's approval for their certificates. Those certificates could reportedly be used for man-in-the-middle attacks.
From now on, Chrome users who navigate to a .cn website with a security certificate will likely receive a pop-up warning them that continuing could expose their computer to hackers. The search company will exercise the decision through a future update to Chrome.
"To assist customers affected by this decision, for a limited time we will allow CNNIC's existing certificates to continue to be marked as trusted in Chrome, through the use of a publicly disclosed whitelist," Google said.
CNNIC on Thursday expressed its disagreement with Google's decision, calling it "unacceptable and unintelligible to CNNIC."
"The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users' rights and interests into full consideration," CNNIC said in a statement posted on its website.
Read more -here-