Google Confronts Chinese Agency Over Issue of Digital Certificates

Google Confronts Chinese Agency Over Issue of Digital Certificates
MaoNo / Pixabay

Google recently decided to reject digital certificates authorized by the Chinese Internet Network Information Center (CNNIC). In this regard, in a statement on Thursday, the Chinese organization criticized Google’s decision calling it “unacceptable and unintelligible.”

Google justifies the ban

In explaining its decision, the U.S.-based search provider said that the company still remains troubled by CNNIC’s choice to grant a certificate to an Egyptian IT company. The Chinese internet agency issued a digital intermediate CA certificate to MCS Holdings, based in Egypt, for internal testing. Intermediate certificates enable their acquirers to issue certificates for any internet domain names, so therefore, there arises a strict need to regulate their use.

Gates Capital Management Reduces Risk After Rare Down Year [Exclusive]

Gates Capital Management's ECF Value Funds have a fantastic track record. The funds (full-name Excess Cash Flow Value Funds), which invest in an event-driven equity and credit strategy, have produced a 12.6% annualised return over the past 26 years. The funds added 7.7% overall in the second half of 2022, outperforming the 3.4% return for Read More

However, the Egyptian firm abused their privileges during a failed security test, and tried to cover it up, citing human error. As a result, Google along with CNNIC undertook an inquiry into the matter.

Even though CNNIC’s efforts were appreciated, Google still abandoned the Chinese agency as a recognized root certificate authority. However, the U.S. company suggested that the ban was temporary, and encouraged its Chinese partner to reapply after the appropriate technical and procedural measures are completed.

“We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place,” Google added.

Tough road ahead for CNNIC

CNNIC regulates China’s Internet Infrastructure and operates the .cn domain name system. Along with this, the agency is connected with the Chinese government, which has been alleged of initiating cyber-attacks against the US companies and activist groups.

In case of an impasse, Google’s decision to blacklist CNNIC-issued certificates could hinder the Chinese agency’s control of the internet in their region.

Banning certificates would mean that Google’s Chrome browser, after a future update, could clash with the sites provided by the Chinese internet authority. The current dispute will not impact customers already provided with certificates, but securing future users could be a daunting task for CNNIC. Furthermore, Mozilla canceled the certificate granted by CNNIC to MSC Holdings last month.

No posts to display