The timing of this is no accident. Google is pulling one of China’s biggest Certificate Authorities from its products.
Update – April 1: As a result of a joint investigation of the events surrounding this incident by Google and CNNIC, we have decided that the CNNIC Root and EV CAs will no longer be recognized in Google products.
This reaction is the result of one of CCNIC’s (China Internet Network Information Center) intermediates falsely issuing certificates for Google domains.
So what do you do if one of the 3 major browsers in existence blocks your Certificates, and thus your entire business? You reply. With a 2 line statement.
The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users’ rights and interests into full consideration.
The irony is that Google actually did consider their users’ rights. That’s why they’re blocking the CA.
I don’t think it’s a coincidence Google is doing this just a few days after the largest DDoS Github ever faced was tracked back to a man-on-the-side attack launched from China.
If it isn’t a cyber war yet, it soon will be.