Apple Leaves Chinese CNNIC Root In OS X and iOS Trusted Stores

Posted by timothy on Thursday April 9, 2015 @03:31AM from the trusted-by-whom dept.

Trailrunner7 writes When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple on Wednesday released major security upgrades for both of its operating systems, and the root certificate for CNNIC, the Chinese CA at the heart of the controversy, remains in the trusted stores for iOS and OS X. The company has not made any public statements on the incident or the continued inclusion of CNNIC's certificates in the trusted stores.

2 of 100 comments (clear)

Min score:

Reason:

Sort:

"Unusually harsh" by Anonymous Coward · 2015-04-09 04:03 · Score: 2, Interesting

TFA calls it "an unusually severe punishment by both Google and Mozilla." Presumably there are many, many people relying on perfectly valid CNNIC certificates and typically the actions of one rogue intermediate CA doesn't require burning things to the ground (of course if it happens again, then you can no longer call it a mistake). TFA also notes in the very last line Microsoft didn't pull CNNIC either, but the headline and 99% of the article makes no mention of that.
So. by Sir_Real · 2015-04-09 04:33 · Score: 1, Interesting

How do I remove this CA from my macbook?