The more or less subtle skirmish between Google and China continues as the IT giant announces that its products will no longer recognize any of the security certificates granted by CINIC. This is a bit more important than you would imagine at first, as China Internet Network Information Center is the authority that distributes security certificates for the .cn country domains as well as all the domain names in Chinese language. This measure even includes the Chinese government website.
This decision was triggered by an incident that happened two weeks ago, in which several Google domains were issued unauthorized digital certificates. Even though an intermediary named MCS Holdings was responsible for the mishap, because it didn't make enough of an effort to safeguard their data, the IT giant still considers CINIC to be the main culprit. "This explanation is congruent with the facts. However, CNNIC still delegated their substantial authority to an organization that was not fit to hold it,” said the first official post written by the company about the situation. The following post simply announced that Chrome and other Google services will no longer recognize security certificates issued by the Chinese authority.
The good news is that the American giant isn't blind to the needs of its customers and has allowed legitimate companies a grace period in which they can conduct their business in normal fashion. I'm not very sure about how long this period will be, but Google plans to be very transparent with this whole issue, placing the entire list of trusted websites in a publicly available whitelist.