My Apply
My Apply

Securing Domain Validation

This project secures Internet domain validation against attackers that manipulate Internet routing via Border Gateway Protocol (BGP) hijack and interception attacks.

Background: The Public Key Infrastructure protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities vouch for the identity of servers on the Internet through digitally signed certificates - usually displayed to users on their Internet browser via a small padlock icon near the address bar. Ironically, the mechanism that Certificate Authorities use to issue certificates (domain validation) is itself vulnerable to man-in-the-middle attacks by network-level adversaries.

This project analyzed the attack surface of domain validation against BGP-based attacks, designed countermeasures to secure domain validation protocols, and deployed them in real-world production systems such as Let's Encrypt and Cloudflare. This provides protection from these attacks to hundreds of millions of websites around the globe.

Get the word out

Current project status

Just an idea (Pre-alpha)
It exists! (Alpha/Beta)
It's basically done (Release)
People use it (Production)

Funding to date

2017 $300,000 18 months
Internet Freedom Fund

Total Funding: $300,000

Addressed problems

  • Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
  • Repressive surveillance or monitoring of communication


  • Security from danger or threat online


  • Deploying technology
  • Research


  • General public

Region(s) archive

  • Global

Project status

  • People Use It. (Production)

Technology attributes

  • Networking
  • Other

We wrote about it

Your cookie settings

This website deploys cookies for basic functionality and to keep it secure. These cookies are strictly necessary. Optional analysis cookies which provide us with statistical information about the use of the website may also be deployed, but only with your consent. Please review our Privacy & Data Policy for more information.