Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Wednesday April 08 2015, @04:22AM   Printer-friendly
from the about-as-far-as-I-can-throw-you dept.

El Reg has published a story which discusses the steps Google and Mozilla are taking, in response to the apparent misuse of a China Internet Network Information Center (CNNIC) intermediate Cetificate Authority (CA) administered by MCS Holdings, who claim it was all just a big mistake.

Firefox-maker Mozilla has joined Google in refusing to recognize SSL certificates issued by the China Internet Network Information Centre (CNNIC).

This should not be a surprise since:

This comes after a security biz in Egypt used a CNNIC-issued intermediate certificate to create unauthorized SSL certs that could be used to trick people into connecting to bogus, password-stealing Gmail.com or Google.com websites.

As a result:

[A]ll Mozilla products – including the Firefox web browser and the Thunderbird email client, among others – will be updated so that all CNNIC-based certificates issued on or after April 1, 2015 are considered untrusted.

Mozilla said it also plans to ask CNNIC for a comprehensive list of all of its current valid certificates. Any certificates issued before April 1 that are not included on this whitelist will also be subject to potential "further action."

Microsoft has also revoked the suspect CNNIC intermediate CA:

Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday April 08 2015, @03:09PM

    by Anonymous Coward on Wednesday April 08 2015, @03:09PM (#167868)

    How does "China Internet Network Information Centre" become "CNNIC"? Shouldn't it be "CINIC"? Or am I believing too easily that China is motivated purely by self-interest rather than acting for honorable or unselfish reasons.

  • (Score: 0) by Anonymous Coward on Wednesday April 08 2015, @04:24PM

    by Anonymous Coward on Wednesday April 08 2015, @04:24PM (#167888)

    Acronyms do not always reflect their English translations. Consider CCCP.

    • (Score: 0) by Anonymous Coward on Thursday April 09 2015, @09:24AM

      by Anonymous Coward on Thursday April 09 2015, @09:24AM (#168241)

      Of course in Chinese the very concept of an acronym doesn't make sense since each Chinese symbol is already a complete word.

  • (Score: 2) by NotSanguine on Wednesday April 08 2015, @10:36PM

    by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Wednesday April 08 2015, @10:36PM (#168026) Homepage Journal

    How does "China Internet Network Information Centre" become "CNNIC"? Shouldn't it be "CINIC"? Or am I believing too easily that China is motivated purely by self-interest rather than acting for honorable or unselfish reasons.

    My guess would be that since '.cn' is the country domain for China, naming China's 'Network Information Center' CNNIC does make some sense.

    I could be completely wrong of course.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr