Google may have decided to stop recognizing digital certificates that were issued by the China Internet Network Information Center (CNNIC), but the move may also add fuel to the growing mistrust between China and foreign technology companies.
CNNIC is China's main digital certificate authority and takes charge in overseeing China's Internet infrastructure. If Google stands firm with its decision, then the move could severely hamper CNNIC's reach. At present, CNNIC is working on regaining its authority to issue certificates by following Google's Certificate Transparency process.
Google, however, defended its decision by further claiming that CNNIC failed to recognize the security threat involved in the issuance when it contracted Cairo-based MCS Holdings.
MCS Holdings, Google said, used the certificates to install a "man-in-the-middle" proxy. This allowed companies to create a proxy destination in order to intercept secure connections. At times, it allowed companies to intercept secure traffic on their employees for the purpose of monitoring their activities or for any legal reasons.
Such incidents are deemed a "serious breach," according to Google.
Google will stop recognizing newly issued security certificates from CNNIC, which are used to verify a site's legitimacy to run business. These certificates are meant to protect web users from becoming victims of Internet scams, such as phishing and identity theft.
"This will take effect in a future Chrome update," Adam Langley, a Google security engineer, stated. "To assist customers affected by this decision, for a limited time we will allow CNNIC’s existing certificates to continue to be marked as trusted in Chrome, through the use of a publicly disclosed whitelist."
In other words, only existing certificates issued by CNNIC will continue to be recognized in the Chrome browser. If the browser encounters a new CNNIC-issued certificate, it will immediately send out a warning to the user about potential risks to accessing an unsecured site.
Google's decision was met with criticism from the Chinese Internet agency.
"The decision that Google has made is unacceptable and unintelligible to CNNIC," the agency stated. "Meanwhile CNNIC [is] sincerely [urging] that Google [take] users' rights and interests into full consideration."
Photo: Kristina Alexanderson | Flickr