Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks

by
Dan Goodin
from Ars Technica - All content on (#4HDRT)
https-800x644.jpg

Enlarge (credit: nternet1.jpg by Rock1997 modified.)

Content delivery network Cloudflare is introducing a free service designed to make it harder for browser-trusted HTTPS certificates to fall into the hands of bad guys who exploit Internet weaknesses at the time the certificates are issued.

The attacks were described in a paper published last year titled Bamboozling Certificate Authorities with BGP. In it, researchers from Princeton University warned that attackers could manipulate the Internet's border gateway protocol to obtain certificates for domains the attackers had no control over.

Browser-trusted certificate authorities are required to use a process known as domain control validation to verify that a person requesting a certificate for a given domain is the legitimate owner. It requires the requesting party to do one of three things:

Read 10 remaining paragraphs | Comments

index?i=OWu2yAqH-vE:kn-WL0oq76c:V_sGLiPB index?i=OWu2yAqH-vE:kn-WL0oq76c:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments