Wednesday, July 16, 2014: The government of India is expected to take an action on complaint filed by giants like Google and Microsoft, where they said that NIC (National Informatics Centre) has issued unauthorised digital certificates.
The controller of certifying authorities issues licences and also regulates the working of the same. It is involved in issuing digital certificates to authenticate users. Digital certificate is just like an electronic passport which allows any user to exchange information securely over the internet.
Department of Electronics and Information Technology secretary R S Sharma said, “We are looking into the issue. Certifying authority(CA) is taking all the appropriate steps and working under the guidance of the CCA”.
In a blog last week, this issue was raised by Google saying, “We became aware of unauthorised digital certificates for several Google domains”.“The certificates were issued by NIC, which holds several CA certificates trusted by CCA.
Similarly, Microsoft said that it was aware of improperly issued certificates which can be used to spoof content , perform phishing attacks or perform middle man attacks”.
Meanwhile, CCA in a post said, “Due to security reasons 3 CA certificates issued to NICCA have been suspended till further notice”.
“They reported that NIC’s issuance process was compromised and four certificates were misused, the first on 25 June”, Google added. The certificate holds the name of the certificate holder, serial number, expiration dates,public key (used for encrypting messages and digital signatures) and digital signature of CA so a recipient can verify the certificate.
