Google is in a war with China’s internet authority over the Google’s proclamation saying that they will no longer approve the trust certificates for China’s websites.
StatCounter claims that Google Chrome is the top web browser in China with 53% market share in 2014.
Restrictions from Google
Google has informed that its products along with its browser Google Chrome won’t approve the security certificates that CNNIC has issued any more. CNNIC (China Internet Network Information Center) is the internet authority in China. These restrictions mean that the users attempting to visit Chinese websites via Google Chrome that is certified by the China Internet Network Information Center will be presented with a warning message related to the website’s security. Still, the users have the possibility of ignoring this warning and continuing to the site; but all “secure” China’s websites will be labeled as “questionable” by Google. Google also informed that for some time the HTTPS certificates which were issued from China Internet Network Information Center will be signed as trusted in Chrome thru a publicity disclosed whitelist.
What is a Security Certificate?
A security certificate is actually a digital document which will establish that a certain website’s domain name indeed belongs to the company which states to own it. You can sometimes note a padlock in the corner of web address bar implying that the communication with the website is safe and encrypted and certified by a CA (certificate authority) as well. CNNIC is that type of organization which deals with certifying China’s websites.
The Issue Which Caused This Conflict
Google has charged one of the certifying authorities of CNNIC-MCS Holdings of approving security certificate which was unauthorized for several Google domains and that was later used by an Egypt’s web company to run a so-called “man-in-the-middle” accession. This type of attack aims to impede communications between a compromised site and a server. Unauthorized digital certificate on some website means that the encryption isn’t stable and that there’s a chance of stealing details from the website’s user. Nevertheless, there is no evidence in affecting Google’s Chinese site’s users.
Google vs. China Internet Network Information Center
MCS Holding refers to this security mistake as a “human mistake”. The Google’s search giant was pacific to the CNNIC, so Google informed on their official blog that they acclaim the CNNIC’s proactive steps and welcome the China Internet Network Information Center to reapply once the adequate procedural as well as technical inspections are in place. Nevertheless, the CNNIC slammed this move by Google and informed that the decision Google has made is inconceivable and unintelligible to CNNIC.