|
 China
Internet authority denounces Google certificate
rejection
Send a link to a friend
[April 02, 2015]
By Paul Carsten
BEIJING (Reuters) - A Chinese Internet
regulator on Thursday slammed as "unacceptable" a decision by Google Inc
to no longer recognize its certificates of trust, a move which could
deter Chrome browser users accessing sites approved by the authority.
|
|
 Google said on its official security blog on Wednesday that it would
no longer recognize the China Internet Network Information Center (CNNIC)
certificate authorities, following a joint investigation between the
company and CNNIC into a potential security lapse last month.
That means that users of Google's Chrome, the world's top Internet
browser, may get a warning when attempting to visit sites certified
by CNNIC. It was not immediately clear how many websites CNNIC has
certified and could yield warning messages.
CNNIC, which plays a central role in administering China's Internet
by allocating and certifying IP addresses and web domain names,
urged Google to consider user rights and interests.
"The decision that Google has made is unacceptable and
unintelligible," the agency said in a statement on its website.
Last week CNNIC's certificates, which are used to ensure that the
connection between an Internet user and a website is secure, came
under scrutiny after an official Google blog post said the Chinese
agency had allowed Cairo-based MCS Holdings to issue unauthorized
certificates for various Google domains.
That rendered connections between users and those websites
vulnerable to 'man-in-the-middle' hacking attacks, Google said.
These attacks can intercept and alter communications.
Microsoft Corp and Mozilla, which together with Google develop three
of the world's most-used web browsers, also removed trust of those
unauthorized certificates last week, following Google's post.
"While neither we nor CNNIC believe any further unauthorized digital
certificates have been issued, nor do we believe the misissued
certificates were used outside the limited scope of MCS Holdings'
test network, CNNIC will be working to prevent any future
incidents," Google said on Wednesday.
[to top of second column] |
The U.S. search giant added that CNNIC was welcome to reapply for
recognition "once suitable technical and procedural controls are in
place," and CNNIC's existing certificates would be trusted for a
limited time through a whitelist.
MCS Holdings said in a statement on its website last week that the
security lapse was the result of human error following testing of
certificates issued to it by CNNIC, which was meant to take place in
a controlled environment.
The Cyberspace Administration of China, the country's Internet
regulator, did not immediately respond to a request for comment.
Google shut down its local search engine in China in 2010 over
censorship concerns, and most of its services are now inaccessible
in China.
(Editing by Jason Subler and Stephen Coates)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
