Securing Certificate Issuance using Multipath Domain Control Validation
Public Key Infrastructure (PKI) is crucial for securing internet communication through digital certificates issued by Certificate Authorities (CAs). PKI enables HTTPS encryption, which is vital for websites handling sensitive data like banking credentials or private messages. However, recent research has shown that common Domain Control Validation (DCV) methods are vulnerable to Border Gateway Protocol (BGP) hijacking attacks, which let adversaries obtain certificates for domains they do not own. To address this issue, Cloudflare offers a free API tool for CAs to perform DCV from multiple vantage points worldwide, making it virtually impossible for an attacker to mislead a CA into believing the attacker controls a domain that they do not own.
Company: Cloudflare
Date published: June 18, 2019
Author(s): Dina Kozlov, Gabbi Fisher
Word count: 2709
Hacker News points: None found.
Language: English