Google has announced that its web browser Chrome and other products will no longer recognize security certificates issued by the China Internet Network Information Center (CNNIC), the government agency that oversees China’s domain name registry.
This is significant because CNNIC administers security certificates for the .cn country code, as well as Chinese-language domain names, which are open to businesses registered within China.
The ban comes two weeks after Google noticed unauthorized digital certificates for several Google domains that were issued through MCS Holdings, an intermediate certificate authority contracted by the CNNIC.
The CNNIC explained to Google that instead of keeping the security certificate’s private key safely tucked away in a proper hardware security module, MCS Holdings installed it in a man-in-the-middle proxy, leaving it extremely vulnerable to interception.
“This explanation is congruent with the facts. However, CNNIC still delegated their substantial authority to an organization that was not fit to…