My OTF Apply
My OTF Apply

Securing Domain Validation

This project aims to secure Internet domain validation against attackers that manipulate Internet routing via Border Gateway Protocol (BGP) hijack and interception attacks.

Background: The Public Key Infrastructure protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities vouch for the identity of servers on the Internet through digitally signed certificates - usually displayed to users on their Internet browser via a small padlock icon near the address bar. Ironically, the mechanism that Certificate Authorities use to issue certificates (domain validation) is itself vulnerable to man-in-the-middle attacks by network-level adversaries.

This project is analyzing the attack surface of domain validation against BGP-based attacks, designing countermeasures to secure domain validation protocols, and deploying them in real-world production systems for creating societal impact.

Get the word out

Current project status

Just an idea (Pre-alpha)
It exists! (Alpha/Beta)
It's basically done (Release)
People use it (Production)

Funding to date

2017 $300,000 12 months
Internet Freedom Fund

Total Funding: $300,000

Addressed problems

  • Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
  • Repressive surveillance or monitoring of communication


  • Deploying technology
  • Research


  • General public


  • Global

Technology attributes

  • Networking
  • Other

We wrote about it