data lock encryption security
Last month, a Chinese certificate authority issued valid security certificates for a number of domains, including Google’s, without their permission, which resulted in a major trust breach in the crypto chain. CNNIC had delegated its authority to Egyptian intermediary MCS Holdings to issue the certificates in question and the company installed it in a man-in-the-middle proxy internally. Google said in its original post that CNNIC had “delegated their substantial authority to an organization that was not fit to hold it.” Today, the company has updated its post saying it will drop the CNNIC root certificate authority entirely after a joint investigation into what happened, despite…

This story continues at The Next Web