The Mozilla Foundation plans to reject new digital certificates issued by the China Internet Network Information Center (CNNIC) in its products, but will continue to trust certificates that already exist.

The move will follow a similar decision announced Wednesday by Google and is the result of CNNIC, a certificate authority (CA) trusted in most browsers and operating systems, issuing an unrestricted intermediary certificate to an Egyptian company called MCS Holdings.

Intermediary certificates inherit the power of the issuing certificate authority and can be used to issue trusted certificates for domain names owned by other organizations.

CNNIC issued the intermediary certificate to MCS Holdings under an agreement that the company will use it to test new cloud services it was developing. However, allegedly due to human error, the certificate was installed in a firewall device that had HTTPS (HTTP Secure) traffic inspection capabilities.

The device automatically used it to generate certificates for domain names owned by Google in the process of intercepting HTTPS traffic between an internal MCS Holdings computer and Google’s services. Google became aware of the unauthorized certificates for its Web properties because of a feature in Chrome that reported them to the company.

Read the Full Article: Source – PC World
http://www.pcworld.com/article/2905592/like-google-mozilla-set-to-punish-chinese-agency-for-certificate-debacle.html

source not found