Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese Certificate Authority CNNIC Is Dropped From Google Products

Posted by timothy on from the reject-your-reality-and-substitute-our-own dept.

eldavojohn writes A couple weeks ago, Google contacted the CNNIC (China's CA) to alert them of a problem regarding the delegated power of issuing fraudulent certificates for domains (in fact this came to light after fraudulent certificates were issued for Google's domains). Following this, Google decided to remove the CNNIC Root and EV CA as trusted CAs in its Chrome browser and all Google products. Today, the CNNIC responded to Google: "1. The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users' rights and interests into full consideration. 2. For the users that CNNIC has already issued the certificates to, we guarantee that your lawful rights and interests will not be affected." Mozilla is waiting to formulate a plan.

2 of 176 comments (clear)

  1. Re:Firefox response by Lennie · · Score: 5, Informative

    Here is a link to the latest Mozilla statement on the mailinglist/newsgroup:
    https://groups.google.com/d/ms...

    --
    New things are always on the horizon
  2. Re:Mozilla formulating a plan? by Anonymous Coward · · Score: 5, Informative

    You know you can do this yourself in Firefox and Thunderbird.

    Options -> Advanced -> Certificates -> View Certificates -> Authorities -> Delete or Distrust...