My Apply
My Apply

Securing Domain Validation

This project aims to secure Internet domain validation against attackers that manipulate Internet routing via Border Gateway Protocol (BGP) hijack and interception attacks.

Background: The Public Key Infrastructure protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities vouch for the identity of servers on the Internet through digitally signed certificates - usually displayed to users on their Internet browser via a small padlock icon near the address bar. Ironically, the mechanism that Certificate Authorities use to issue certificates (domain validation) is itself vulnerable to man-in-the-middle attacks by network-level adversaries.

This project is analyzing the attack surface of domain validation against BGP-based attacks, designing countermeasures to secure domain validation protocols, and deploying them in real-world production systems for creating societal impact.

Get the word out

Current project status

Just an idea (Pre-alpha)
It exists! (Alpha/Beta)
It's basically done (Release)
People use it (Production)

Funding to date

2017 $300,000 12 months
Internet Freedom Fund

Total Funding: $300,000

Addressed problems

  • Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
  • Repressive surveillance or monitoring of communication


  • Deploying technology
  • Research


  • General public


  • Global

Technology attributes

  • Networking
  • Other

We wrote about it