Securing Certificate Issuance using Multipath Domain Control Validation
Public Key Infrastructure (PKI) is crucial for securing internet communication through digital certificates issued by Certificate Authorities (CAs). PKI enables HTTPS encryption, which is vital for websites handling sensitive data like banking credentials or private messages. However, recent research has shown that common Domain Control Validation (DCV) methods are vulnerable to Border Gateway Protocol (BGP) hijacking attacks, where adversaries can obtain certificates for domains they do not own. To address this issue, Cloudflare offers a free API tool for CAs to perform DCV from multiple vantage points worldwide, making it virtually impossible for an attacker to mislead a CA into thinking they own a domain when they actually don't.
Company
Cloudflare
Date published
June 18, 2019
Author(s)
Dina Kozlov, Gabbi Fisher
Word count
2709
Language
English
Hacker News points
None found.