Google to not accept security certificates from China’s biggest web registrar

Google has declared war on China’s biggest web registrar, China Internet Network Information Center (CNNIC), due to its “bad behaviour.”

In its security blog post, Google made it clear that it would no longer accept HTTPS certificates from the CNNIC, effectively cutting the registrar out of the SSL system that secures the web. HTTPS certificates ensure that web content cannot be intercepted in transit and CNNIC controls that process for the whole Chinese web, The Verge reported.

Defending its decision, Google argued that CNNIC was not careful enough in handling how its certificates were used as recently an Egyptian web company used its certificates to carry out a man-in-the-middle attack.

Meanwhile, CNNIC has strongly protested against Google’s decision, calling it “unacceptable” and “unintelligible.” It urged the tech giant to take users’ rights and interest into full consideration.

Although CNNIC’s existing certificates would still be valid, but new ones would not be issued. In order to re-certify itself, CNNIC has already started working through Google’s Certificate Transparency process.

CNNIC’s share of the certificate market is already very small, representing less than 0.1% of the certificates used on the web, as the Chinese government discourages the use of HTTPS by Chinese web companies as a way to reinforce the Great Firewall.

Posted by on April 3, 2015. Filed under Technology. You can follow any responses to this entry through the RSS 2.0. Both comments and pings are currently closed.