A Certificate Authority
By Charles Miller
The column that appeared here a couple of weeks ago prompted a spirited political discussion around the table at the coffee shop where I was enjoying a break with some friends. The focus of the discussion was the extent to which politics is intruding into the governance of the Internet we all use every day.
A Certificate Authority (CA) is an organization that issues SSL certificates (certs for short). Certs are used by secure web sites to ensure that your connection is secure, and a valid cert is what protects you from connecting to some fake web site pretending to be your bank. CAs have the sacred responsibility of making sure that crooks never get their hands on a legitimate cert that they could use to empty your bank account.
More than 400 organizations with names such as DigiCert, GoDaddy, and Edicom (Mexico) are CAs trusted by Apple, Google, Microsoft, etc., so when we use our computers or other devices we also trust those companies. It is implied that all the CAs did due diligence in issuing all their certificates and that they never issue fraudulent certs.
In 2014, the Dutch company DigiNotar issued fraudulent certs that allowed parties in Iran to hack into Gmail accounts. Allegedly, Iranian authorities did this to crack down on dissidents, but we do not know. What we do know is that DigiNotar violated a sacred trust and this is why Apple, Google, Microsoft, and others stopped trusting DigiNotar. In one fell swoop DigiNotar lost all its customers, and with the certain knowledge that they would never again get any new ones, the company shut down and filed for bankruptcy.
There is now an ongoing situation between Google and the China Internet Network Information Center (CNNIC). For Google, the lines are clear: if you break the sacred trust, we no longer will trust you. This means your Chrome browser can no longer connect to certain web sites with CNNIC-issued certificates.
A different dynamic this time is that CNNIC is not a private company but part of the Ministry of Industry and Information Technology of the People’s Republic of China. The PRC is a nation state that is not about to go out of business just because Google does not trust it anymore. And unlike DigiNotar, China is pushing back against being blacklisted. Their response says, “The decision that Google has made is unacceptable…” and “For the users that CNNIC has already issued the certificates to, we guarantee that your lawful rights and interests will not be affected.” It is not clear how China intends to force Google and others to start trusting CNNIC again, but China does have an army and navy, not to mention the bomb and missiles to deliver it. So, watch out Google!
Clearly, the Chinese government does not take well to being pushed around by an American company like Google. CNNIC continues to be unrepentant while Google and others continue to blacklist CNNIC for violating our trust. This intrusion of politics into the technical administration of the Internet is something few of us could have imagined, and if this results in Balkanizing the Internet, then this does not bode well for any of us who use it.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 415 101-8528 or email FAQ8 (at) SMAguru.com.