Mozilla along with Google refuses to recognize new certificates of trust issued by Chinese Internet agency.
On Wednesday, Google Inc said in a blog post that none of the Google products will recognize digital security certificates issued by the Chinese government, in simple words it meant that it will repress the Chrome browser users from visiting the Chinese sites. On Thursday, Mozilla Corp, the creator of Firefox browser extended its complete support to Google’s decision in the act of non recognition of new certificates of trust issued by Chinese Internet agency.
As per NetMarketShare which is an Internet analytic firm the Google’s Chrome and Mozilla’s Firefox contributes to a total of 40% of the world wide browser market. With this decision from the giant browser sites it could disturb users who access wide ranges of the Chinese websites. From 1st April users who are using the Firefox browser or Chrome browser would receive a pop up message as soon as they enter any ‘.cn’ country code or any site with Chinese language domain name; warning the users of probable hackers if they continue to visit the site.
As per a blog: Google made its decision after it discovered that the China Internet Network Information Center (CNNIC); an official body which registers China’s domain names; “had let a third-party company issue unauthorized security certificates for Google domains.” Basically a security certificate is a mark of digital trust and it gives token to the incoming traffic that the particular site is secure and safe from hackers. Internet authorities across the globe issue the Certificate of trust to websites and this is a sort of verification to their authenticity to ensure safety of the web browser. On the contrary, hackers could mimic unverified websites and hijack important and confidential data by using the “man-in-the-middle” attack.
Egyptian company called MCS Holdings, mishandled a matter last week by blaming a security lapse that took place on a test network to human error. CNNIC had delegated its authority to MCS holdings, which is an unauthorized third party, to issue security certificates to Google domains. This act of CNNIC has been condemned by Google in its blog post on Wednesday. Mozilla too joined Google in this movement and declared that CNNIC’s action represents “egregious practice.” Mozilla in a blog said the security documents of the third party company was unorganized also it did not mention as to how it planned to protect the encryption keys.
In the recent times, China has banned Google, Facebook and Twitter and also many tech companies. In addition Apple and Microsoft have been complaining of repeated hacking incidents which seems to be arranged for by the Beijing officials. The conflicts between the Chinese authorities and the tech companies seems to be taking an enormous shape. China is attempting to implement new cyber-security rules wherein all the internet companies would require to install encryption approved by Beijing and also the company would need to hand over the secret source code to these officials. U.S. government is protesting against this rule.
Further, Google and Mozilla has announced that CNNIC needs to change its certificate issuing procedure and then could “re apply” to get recognition in their respective browsers.
A word of caution to all the users of internet is to be more careful of the hackers while they browse any of the Chinese sites.