Google to stop recognizing Chinese web security certificates

Brittany A. Roston - Apr 2, 2015, 1:48pm CDT
Google to stop recognizing Chinese web security certificates

Google will stop recognizing web security certificates issued by China‘s CNNIC (China Internet Network Information Center), it has been announced. This comes at a time when China is cracking down on foreign services in the nation, and tech companies are backing off in return, pulling or otherwise limiting their interactions with China. Google announced yesterday that it would stop recognizing the CNNIC certificates, and the agency has fired back today with a statement saying the move is “difficult to understand and accept”.

The information comes from the The Wall Street Journal, which says the CNNIC is urging the Internet giant to further evaluate “the rights of users” in light of its decision. On Google’s part, the company cited a joint investigation with the Chinese agency into MCS Holdings, an Egyptian company.

A security breach happened at MCS, which the investigation was probing, and the conclusion was that the Egyptian company misused certificates, but not with malicious intentions. Google pointed toward CNNIC as giving “too much authority” to a company that should not have it, and that CNNIC can seek to have its web security certificates accepted once its verification process is improved.

The end result for users is that — in Chrome, at least — visiting a Chinese website that starts with “https” and ends with “.cn” will result in a warning that Google could not verify the website’s security certificate and to proceed with caution.

SOURCE: Wall Street Journal


Must Read Bits & Bytes