Google recently decided to reject digital certificates authorized by the Chinese Internet Network Information Center (CNNIC). In this regard, in a statement on Thursday, the Chinese organization criticized Google’s decision calling it “unacceptable and unintelligible.”
Google justifies the ban
In explaining its decision, the U.S.-based search provider said that the company still remains troubled by CNNIC’s choice to grant a certificate to an Egyptian IT company. The Chinese internet agency issued a digital intermediate CA certificate to MCS Holdings, based in Egypt, for internal testing. Intermediate certificates enable their acquirers to issue certificates for any internet domain names, so therefore, there arises a strict need to regulate their use.
However, the Egyptian firm abused their privileges during a failed security test, and tried to cover it up, citing human error. As a result, Google along with CNNIC undertook an inquiry into the matter.
Even though CNNIC’s efforts were appreciated, Google still abandoned the Chinese agency as a recognized root certificate authority. However, the U.S. company suggested that the ban was temporary, and encouraged its Chinese partner to reapply after the appropriate technical and procedural measures are completed.
“We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place,” Google added.
Tough road ahead for CNNIC
CNNIC regulates China’s Internet Infrastructure and operates the .cn domain name system. Along with this, the agency is connected with the Chinese government, which has been alleged of initiating cyber-attacks against the US companies and activist groups.
In case of an impasse, Google’s decision to blacklist CNNIC-issued certificates could hinder the Chinese agency’s control of the internet in their region.
Banning certificates would mean that Google’s Chrome browser, after a future update, could clash with the sites provided by the Chinese internet authority. The current dispute will not impact customers already provided with certificates, but securing future users could be a daunting task for CNNIC. Furthermore, Mozilla canceled the certificate granted by CNNIC to MSC Holdings last month.
