Draconian move follows the issuance of certificates masquerading as Google domains.
Google's Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains.
The move could have major consequences for huge numbers of Internet
users as Chrome, the world's second most widely used browser, stops
recognizing all website certificates issued by CNNIC. That could leave
huge numbers of users suddenly unable to connect to banks and e-commerce
sites. To give affected website operators time to obtain new
credentials from a different certificate authority, Google will wait an
unspecified period of time before implementing the change. Once that
grace period ends, Google engineers will blacklist both CNNIC's root and
extended-validation certificates in Chrome and all other Google
software.
The unauthorized certificates were issued by Egypt-based MCS Holdings,
an intermediate certificate authority that operated under the authority
of CNNIC. MCS used the certificates in a man-in-the-middle proxy, a
device that intercepts secure connections by masquerading as the
intended destination. Such devices are sometimes used by companies to
monitor employees' encrypted traffic for legal or human resources
reasons. It's one of the first times a certificate authority has
faced such a banishment since the downfall of Netherlands-based DigiNotar in 2011. Other CAs, including US-based Trustwave,
have also done what CNNIC did without getting the boot. While Chrome is
the No. 2 most used browser worldwide, it had a commanding 52-percent
share in China last year, compared to 23 percent for IE.