Google Bans China’s Website Certificate Authority After Security Breach


Google has announced that its web browser Chrome and other products will no longer recognize security certificates issued by the China Internet Network Information Center (CNNIC), the government agency that oversees China’s domain name registry.

This is significant because CNNIC administers security certificates for the .cn country code, as well as Chinese-language domain names, which are open to businesses registered within China.

The ban comes two weeks after Google noticed unauthorized digital certificates for several Google domains that were issued through MCS Holdings, an intermediate certificate authority contracted by the CNNIC.

The CNNIC explained to Google that instead of keeping the security certificate’s private key safely tucked away in a proper hardware security module, MCS Holdings installed it in a man-in-the-middle proxy, leaving it extremely vulnerable to interception.

“This explanation is congruent with the facts. However, CNNIC still delegated their substantial authority to an organization that was not fit to…

View original post 354 more words

This entry was posted in Brian By Experience. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s