The Indian Controller of Certifying Authorities (Indian CCA) has launched an investigation into the issue of unauthorized certificates to Google domains by the National Informatics Centre Certifying Authority (NICCA) of India, Google has informed on its online security blog. Such a certificate could have been used for unauthorized eavesdropping on Google services such Gmail or Google Docs. The company has clarified that only Windows users were affected by this issue as the India CCA certificates are included in the Microsoft Root Store. It does not know of any other root store that has these certificates. This root store is trusted by several Windows programs including Internet Explorer and Chrome. Google notes that Firefox users were not affected because it uses a different root store that doesn’t include these certificates. Google mentions that it became aware of these certificates on July 2 and contacted India CCA and Microsoft about the issue. NICCA is the official body responsible for the issuance and maintenance of digital certificates for usage within the Government of India domain. It fulfills requirements of trustworthiness of a Certifying Authority as laid down by the IT Act 2000.' Google also blocked these certificates in Chrome with a CRLSet push. For example, if you visit the NICCA website from any browser, you get a message stating that it may not be safe to open the website as there is a problem with the website's certificate. The Indian CCA launched the investigation the next day itself, while NICCA stopped issuing digital certificates. The agency…
