Google To Blacklist All Digital Certificates from CNNIC

Posted on the 03 April 2015 by Worldwide @thedomains

ZDNet took a look at Google and their black listing all digital certificates issued by the organization that manages the .cn extension. The article goes on to discuss what steps Firefox may take with regards to CNNIC.

From the article:

A recent alarm over a mis-issued digital certificate for several Google domains has resulted in Google blacklisting China’s main certificate authority.

Google is blacklisting all digital certificates from the China Internet Network Information Center (CNNIC), the organisation that manages the .cn domain and a widely trusted root certificate authority.

Google, Mozilla, and Microsoft last week responded to a mis-issued digital certificate from an Egyptian company called MCS Holdings, which could have allowed an attacker to impersonate a Google site and intercept traffic to and from it.

While the error was MCS Holdings’, Google blamed CNNIC for delegating “substantial authority to an organization that was not fit to hold it”.

 CNNIC had issued an intermediate certificate to MCS on the understanding that the Egyptian company would only use the certificates for its own domains. However, the company used the certificates for *. google.com, *.google.com.eg, *.g.doubleclick.net, *.gstatic.com, www.google.com, www.gmail.com, and *.googleapis.com.
Read the full article article on ZDNET