Google Inc’s (NASDAQ:GOOGL) Chrome and Mozilla’s Firefox plan on banishing China’s Internet Network Information Center. This is after unauthorized credentials for Gmail, and several other Google dominions were issued following a breach of trust.
The decision will greatly affect the users of Google Chrome and Mozilla Firefox. Most of these users use these browsers to access their e-commerce and online payment services. Without the recognition of those certificates, users will not be able to access most if not all the websites.
Google Inc. will, however, allow a grace period to the website operators who have been affected by the decision. The added time will allow them to obtain the respective authorizations from alternative
Once the grace period is over, Mozilla and Google Inc. will bar all the certificates from the China Network Information Centre. The move will only affect the certificates from CNNIC that will be issued from the beginning of April.
CNNIC had parented MCS Holdings, an Egyptian company, during the issuance of the unauthorized certificates. MCS Holdings distributed these certificates.
The banishment of a certificate authority has not happened since 2011, when Diginotar, a Netherland-based company was banned. However, other Certificate Authorities have been luckier that the same did not happen to them despite similar unauthorized license issuance.
Mozilla and Google are among the top browsers currently. Three updates pertaining the matter have been released. In the first update, Richard Barnes, who is Mozilla’s Cryptographic Engineer, announced Mozilla’s importance to the discussion and possible delays in releasing the official plan.
The plan in consideration is expected to reject certificates linked to CNNIC after the grace period ends. Also, CNNIC should produce a list of certificates that are currently valid and print it for public viewing to identify backdated certificates. The certificate authority will also be given a chance to re-apply. If the application fails, this will see the root certificates being removed.
In the second update, CNNIC announced that Google Inc.’s decision is rather harsh and unacceptable, urging Google to consider user rights. In addition, the Certification Authority assured that the rights and interests of those issued with certificates will not be affected.
The third post was from Mozilla’s Kathleen Wilson, who posted on a blog. She confirmed the plans for blocking CNNIC certificates in Firefox.