China’s internet authority and Google are in a war over Google’s announcement that they won’t recognize the trust certificates for Chinese websites any more.
According to StatCounter, China’s top web browser is Google Chrome, with a 53 percent market share in the last year.
Google has declared that its products, including its web browser Google Chrome, shall no longer recognize the certificates of security issued by the CNNIC (China Internet Network Information Center) which is China’s internet authority. This implies that when users try to go to a China websites using Google Chrome, which is certified by the CNNIC, a security warning message regarding the website’s security will be presented to them. Nevertheless, users are allowed to ignore this warning and continue to the site, but Google will label all “secure” Chinese websites as “questionable”. Google said that for limited time HTTPS certificates that were previously issued from CNNIC will be marked as trusted in Google Chrome throughout a publicly disclosed whitelist.
Security Certificate Facts
A security certificate is basically a digital document with the purpose of proving that a domain name of certain website really belongs to the company that asserts to own it. There is sometimes a padlock in the web address bar’s corner, meaning that communication with the site is encrypted and secure, as well as that it is certified by a certificate authority (CA). China Internet Network Information Center (CNNIC) is that sort of organization that is dealing with certifying Chinese websites.
What Is the Problem?
Google has accused MCS Holdings, one of CNNIC’s certificate authorities, of issuing security certificate that was unauthorized for various Google domains, and was afterwards used by a web company from Egypt to run a so called “man-in-the-middle” attack. This sort of attack tries to obstruct communications between a server and a compromised website. If the digital certificate on a certain website isn’t authorized, it implies that the encryption is unstable and there is the possibility that the website’s user might have its details stolen. However, there is no proof that Google’s Chinese website’s users were affected.
Google vs. CNNIC
MCS Holding signifies this security lapse as a “human mistake”. Google’s search titan was conciliatory to the CNNIC, and Google claimed on its official blog that they applaud the proactive steps of the CNNIC, and welcome the CNNIC to reapply when suitable procedural and technical controls are in place. However, the CNNIC slammed Google’s move, and stated that Google’s decision is unintelligible and unacceptable to CNNIC.
Is China Still Important to Google
No matter whether Google overreacted or not to the security lapse, this conflict with China Internet Network Information Center has impaired its relationship with China. China Internet Watch reports that even though most Google services are excluded in China, Google still distributes display ads there that claimed 12 percent of all China’s search engine revenue in the last year. Of course, Google doesn’t reveal the worthiness of that business, but according to iResearch’s estimation, Google generated $260 million from mainland China in ad revenues during last year’s third quarter.