Say Goodbye to Fraudulent HTTPS Certificates: New Rules Set to Boost Security!
Trust in HTTPS certificate issuance has been given a makeover with the introduction of new practices by the CA/Browser Forum Baseline Requirements. To combat BGP hijacks, Multi-Perspective Issuance Corroboration (MPIC) is now a must. Starting March 15, 2025, CAs will rely on MPIC for bulletproof validation and say goodbye to weak domain control validation methods.
Hot Take:
Move over, Batman! The real superheroes are here, and they’re wearing certificates! With these new standards, the CA/Browser Forum is turning the domain validation process into a multi-perspective, globe-trotting adventure! Who knew that BGP hijacking was the villain we needed to be wary of? It’s like watching a cyber-thriller, except this one has a happy ending for once—unless you’re a cybercriminal, in which case, it’s time to find a new hobby.
Key Points:
– BGP hijacks and prefix-hijacking previously allowed fraudulent certificate issuance.
– Multi-Perspective Issuance Corroboration (MPIC) is the new hero in town.
– MPIC requires validation from multiple geographic locations and ISPs.
– Linting is now mandatory for certificate issuance starting March 15, 2025.
– Chrome Root Program to ban weak domain validation methods by July 15, 2025.