Google penalizes China’s largest web registrar CNNIC on HTTPS registrations

Photo of author

By Jacob Maslow

Internet SecurityGoogle (NASDAQ:GOOG) has announced that it will no longer be accepting HTTPS entries registered with China’s CNNIC (China Internet Network Information Center). CNNIC is China’s largest domain registrar. HTTPS is a crucial security technology that prevents web data transmissions from being intercepted.

Considering Google’s troubled history in the Chinese market, Google apparently didn’t come to this drastic decision lightly. It appears that a CNNIC HTTPS registration was used by a web company based in Egypt to do a ‘man in the middle’ security breach. The Mountain View CA search giant is apparently convinced that the Chinese registrar isn’t policing its HTTPS authorizations very closely and this can lead to security lapses.

So far, CNNIC is simply asking Google to reconsider its decision. By and large, Google’s decision to stop honoring CNNIC’s HTTPS registrations won’t impact the rank and file CNNIC customer. Indeed, old HTTPS certificates issued by CNNIC will still continue to work. Only new HTTPS certifications by CNNIC will be impacted by Google’s move. Also, this bar might not be permanent since CNNIC is now working with Google’s Certificate Transparency Process to clean up its act.

In terms of political impressions, by blocking HTTPS registrations by CNNIC, Google might actually be putting itself in the good graces of China’s Internet regulators. The guardians of China’s Great Firewall have actually been discouraging Chinese Internet companies from using HTTPS because it interferes with the government’s snooping and censorship policies. So far, Chinese official discouragement has been so strong that the actual number of CNNIC HTTPS certificates have been quite low. How low? We’re talking .1 percent.

Images Courtesy of DepositPhotos