China Internet authority denounces Google certificate rejection
By Paul Carsten
BEIJING (Reuters) - A Chinese Internet regulator on Thursday slammed as "unacceptable" a decision by Google Inc to no longer recognize its certificates of trust, a move which could deter Chrome browser users accessing sites approved by the authority.
Google said on its official security blog on Wednesday that it would no longer recognize the China Internet Network Information Center (CNNIC) certificate authorities, following a joint investigation between the company and CNNIC into a potential security lapse last month.
That means that users of Google's Chrome, the world's top Internet browser, may get a warning when attempting to visit sites certified by CNNIC. It was not immediately clear how many websites CNNIC has certified and could yield warning messages.
CNNIC, which plays a central role in administering China's Internet by allocating and certifying IP addresses and web domain names, urged Google to consider user rights and interests.
"The decision that Google has made is unacceptable and unintelligible," the agency said in a statement on its website.
Last week CNNIC's certificates, which are used to ensure that the connection between an Internet user and a website is secure, came under scrutiny after an official Google blog post said the Chinese agency had allowed Cairo-based MCS Holdings to issue unauthorized certificates for various Google domains.
That rendered connections between users and those websites vulnerable to 'man-in-the-middle' hacking attacks, Google said. These attacks can intercept and alter communications.
Microsoft Corp and Mozilla, which together with Google develop three of the world's most-used web browsers, also removed trust of those unauthorized certificates last week, following Google's post. Continued...