Thursday 2 April 2015

Google Says Trust Certificates In Chinese CNNIC CA


Due to a recent incident with wrongly issued SSL certificates for Google sites Google has confidence in the Chinese certificate authority (CA) CNNIC terminated, which Google products such as Chrome will no longer recognize the certificates of CNNIC. Something that will be implemented through a future update for Chrome. Since this is very big impact, particularly Chinese Chrome users will have Google has decided to permit temporarily issued SSL certificates under CNNIC even by placing them on a public whitelist.

The reason for the measure is the recent discovery of rogue SSL certificates for various Google domains that were created by the Egyptian company MCS Holding. The company had been given the opportunity of CNNIC, which is a root CA. As root CA is CNNIC trusted by all major browsers. CNNIC had spent an intermediate certificate for MCS Holding, which the company for arbitrary domains could create SSL certificates. Because the intermediate certificate of CNNIC came, they were created SSL certificates also trusted by browsers.

According MCS Holding made ​​a human error sure that the existence of the rogue Google certificate was discovered. Google, Microsoft and Mozilla therefore decided to block these certificates. In addition, the CNNIC was heavily charged that MCS Holding gave an intermedia certificate, which the Chinese company had violated all sorts of rules. After further investigation, Google has now decided to tell all the confidence in CNNIC.
Certificate Transparency

Google argues in a statement that it believes that no other unauthorized SSL certificates have been issued or that the rogue Google certificates are used outside the test environment of MCS Holding. Regarding the Chinese certificate authority that Google must "Certificate Transparency" before implementing any request about the renewed confidence of CNNIC is considered.

Certificate Transparency is a technology developed by Google and is intended to address several structural flaws in the SSL certificate system. Thereby to unjustifiably spent and rogue SSL certificates are detected earlier. Mozilla has also decided to Certificate Transparency support .
Update

CNNIC called Google's decision unacceptable and unwise. The Chinese CA Google also calls to take the interests and rights of users into consideration. CNNIC let customers know their rights and interests will not be compromised.

No comments:

Post a Comment