BEIJING, April 2 (UPI) -- Google's tense relationship with Chinese authorities took another turn when the search engine announced its web browser and other applications will not recognize security certificates from the China Internet Network Information Center, or CNNIC.
Google announced the move in a blog post on March 23, saying the CNNIC had farmed out its certification authority to Egypt-based MCS Holdings, an organization Google described as "not fit to hold (authority)."
TechCrunch reported MCS Holdings accidentally installed the agency's private key to security certificates in a manner that left it exposed to interception.
Google noticed the problem when the search engine picked up on the appearance of unauthorized digital certificates for Google domains.
Related
At present, Google has banned Chinese domain names registered with CNNIC, unless a site is included in a whitelist of legitimate domains CNNIC provides to Google.
Those not on the list will be accompanied by a pop-up warning about their security.
The Chinese agency has balked at Google and called the company's move "unacceptable and unintelligible to CNNIC."
TechCrunch reported CNNIC for its part had relinquished an important line of defense against unauthorized certificates.
If certificates for websites are not certified, they become vulnerable to "phishing" scams, tricking users to enter sensitive data into a fake website, reported The Financial Times.
Charlie Smith of Greatfire.org, who watches Chinese Internet censorship, said China uses the authority of the CNNIC to launch "dangerous attacks that compromise sensitive user information across many foreign media platforms."
Adam Fisk of GetLantern.org, a provider of tools that go around China's Internet blocks, said the "fact there were bogus intermediary certificates issues at all with CNNIC should be enough to warrant what Google did."
