
Securing Certificate Issuance using Multipath Domain Control Validation

What's this blog post about?

Public Key Infrastructure (PKI) is crucial for securing internet communication through digital certificates issued by Certificate Authorities (CAs). PKI enables HTTPS encryption, which is vital for websites handling sensitive data like banking credentials or private messages. However, recent research has shown that common Domain Control Validation (DCV) methods are vulnerable to Border Gateway Protocol (BGP) hijacking attacks, where adversaries can obtain certificates for domains they do not own. To address this issue, Cloudflare offers a free API tool for CAs to perform DCV from multiple vantage points worldwide, making it virtually impossible for an attacker to mislead a CA into thinking they own a domain when they actually don't.

Company
Cloudflare

Date published
June 18, 2019

Author(s)
Dina Kozlov, Gabbi Fisher

Word count
2709

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.