Open MPIC project defends against BGP attacks on certificate validation

Border Gateway Protocol (BGP) hijacking has long represented a critical vulnerability in the internet’s infrastructure, allowing attackers to silently redirect traffic between endpoints. The risk is so great that the U.S. government has even branded it as a national security concern.

A particularly concerning exploitation target is the domain validation process used by certificate authorities (CAs) to verify ownership before issuing SSL/TLS certificates. These are the certificates that all web browsers use to connect securely to websites. To combat this threat, the CA/Browser Forum has issued a directive for CAs to support Multi-Perspective Issuance Corroboration (MPIC), starting in September 2025.

MPIC is a method to enhance the security of certificate issuance by validating domain ownership and CA checks from multiple network vantage points. It helps prevent BGP hijacking by ensuring that validation checks return consistent results from different geographical locations. The goal is to make it more difficult for threat actors to compromise certificate issuance by redirecting internet routes. 

In order to help implement MPIC and enable CAs to actually support it, the open-source Open MPIC project has emerged. The project is developed by Sectigo and Princeton University researchers to provide a scalable, low-barrier solution for certificate authorities to implement this validation technique.

“What makes BGP hijacking so dangerous is that you don’t need to hijack the route for very long to succeed,” Dmitry Sharkov, principal architect at Sectigo and lead architect for Open MPIC, told Network World. “You can briefly divert a CA’s validation check to a malicious server, trick it into issuing a legitimate certificate, and then disappear. That’s all it takes.”

The critical weakness in domain validation

Certificate issuance security hinges on accurate domain control validation (DCV), the process of verifying that certificate applicants legitimately control the domains for which they request certificates. 

Traditional validation methods rely on DNS lookups, HTTP challenges or email verification, all of which depend on proper internet routing. BGP’s inherent lack of security controls creates the opportunity for traffic hijacking.

“When a CA performs a domain control check, it assumes the traffic it sends is reaching the right server,” Sharkov said. “But that’s not always true.” 

The consequences are significant: Fraudulently obtained certificates enable convincing website impersonation and potential encrypted traffic interception.

How Open MPIC works

The Open MPIC framework implements a straightforward but effective security principle: Check the same validation data from multiple disparate locations on the internet. 

“The fix is to make certificate validation less reliant on any one route,” Sharkov explained. “Instead of validating a domain from a single network location, MPIC requires CAs to check from multiple, geographically diverse vantage points.”

This approach increases the work required for a successful attack, because an attacker would need to simultaneously compromise routing to multiple geographically diverse vantage points. If one region is misled by a BGP hijack, the others can catch the discrepancy and stop the certificate from being issued.

The technical implementation includes several key components:

  • A core validation library that performs consistent checks across environments
  • Deployment options for both AWS Lambda (serverless) and Docker containers
  • Quorum logic that requires agreement between perspectives
  • Geographic diversity enforcement 
  • Support for all standard domain validation methods

Architecture: Coordinating global validation perspectives

Open MPIC operates through a parallel validation architecture that maximizes efficiency while maintaining security. When a domain validation check is initiated, the framework simultaneously queries all configured perspectives and collects their results.

“If you have 10 perspectives, then it basically asks all 10 perspectives at the same time, and then it will collect the results and determine the quorum and give you a thumbs up or thumbs down,” Sharkov said. 

This approach introduces some unavoidable latency, but the implementation minimizes performance impact through parallelization. Sharkov noted that the latency is still just a fraction of a second.
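
The parallel query and quorum decision described above, as an added sketch that is not Open MPIC's own code: perspectives are simulated offline, a timeout counts as non-corroboration, and agreement must span more than one region. The names (Perspective, corroborate) and the thresholds max_dissent=1 and min_regions=2 are assumptions made for illustration.

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Perspective:
    name: str
    region: str                            # constructed location label
    fetch: Callable[[str], Optional[str]]  # challenge value seen from this vantage point

def _safe_fetch(p: Perspective, domain: str) -> Optional[str]:
    try:
        return p.fetch(domain)
    except Exception:
        return None  # timeout or error counts as non-corroboration

def corroborate(domain, expected, perspectives, max_dissent=1, min_regions=2):
    """Ask all perspectives at once; return (issue_ok, names_that_disagreed)."""
    if not perspectives:
        return False, []
    with ThreadPoolExecutor(max_workers=len(perspectives)) as pool:
        seen = list(pool.map(lambda p: _safe_fetch(p, domain), perspectives))
    agree = [p for p, v in zip(perspectives, seen) if v == expected]
    dissent = [p.name for p, v in zip(perspectives, seen) if v != expected]
    diverse = len({p.region for p in agree}) >= min_regions
    return len(dissent) <= max_dissent and diverse, dissent

# --- constructed sample data: no network access, all values invented ---
TOKEN = "constructed-challenge-token"
DOMAIN = "example.test"

def sees(value):
    return lambda domain: value

def timeout(domain):
    raise TimeoutError("perspective unreachable")

REGIONS = ["us-east", "eu-west", "ap-south", "sa-east", "af-south"]

def fleet(values):
    """Build one perspective per region from a list of fetch callables."""
    return [Perspective(f"p{i}", r, f) for i, (r, f) in enumerate(zip(REGIONS, values))]

ALL_AGREE = fleet([sees(TOKEN)] * 5)
ONE_OUTAGE = fleet([sees(TOKEN)] * 4 + [timeout])
# Route diverted near p0 only: p0 sees the token, the rest reach the real server.
ONE_DIVERTED = fleet([sees(TOKEN)] + [sees(None)] * 4)
SAME_REGION = [Perspective(f"q{i}", "us-east", sees(TOKEN)) for i in range(3)]

if __name__ == "__main__":
    for label, ps in [("all agree", ALL_AGREE), ("one outage", ONE_OUTAGE),
                      ("one diverted", ONE_DIVERTED), ("same region", SAME_REGION)]:
        print(label, corroborate(DOMAIN, TOKEN, ps))
```

Checking ONE_DIVERTED[:1] alone with max_dissent=0 and min_regions=1 passes, which is the single-vantage-point weakness the quorum removes.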

The evolution of a security solution

Open MPIC began as a research project at Princeton University before evolving into a practical industry solution. 

The CA/Browser Forum has established a phased implementation schedule, starting with monitoring from two perspectives in March 2025, and enforcement beginning in September. By December 2026, the requirement increases to five distinct perspectives.

The project already has active users across the certificate authority ecosystem, with a growing community of contributors.

Democratizing security through open source

The open source nature of the project addresses a significant challenge for the industry. While large certificate authorities often have the resources to build their own solutions, many smaller CAs would struggle with the technical and infrastructure requirements of multi-perspective validation.

“If you’re a large CA and fairly well resourced, you probably have the infrastructure to just roll your own MPIC,” Sharkov said. 

On the other hand, he noted that smaller CAs might not have the same resources and it would be a challenge to properly implement MPIC on their own.

“That was the idea. It’s sort of just a way to have a low barrier to entry for MPIC so that CAs can stay compliant with regards to the baseline requirements,” he said.

Source: Network World