The current CAB Forum Baseline Requirements call for "Multi-Perspective Issuance... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		michaelt on Sept 11, 2024 \| parent \| context \| favorite \| on: We spent $20 to achieve RCE and accidentally becam... The current CAB Forum Baseline Requirements call for "Multi-Perspective Issuance Corroboration" [1] i.e. make sure the DNS or HTTP challenge looks the same from several different data centres in different countries. By the end of 2026, CAs will validate from 5 different data centres. This should make getting a cert via BGP hijack very difficult. [1] https://github.com/cabforum/servercert/blob/main/docs/BR.md#...

iscoelho on Sept 11, 2024 | [–]

See my post above about BGP hijacks: https://news.ycombinator.com/item?id=41511582 - They're way easier than you think.

tialaramex on Sept 11, 2024 | [–]

It is hypothesised to make this more difficult but it's unclear how effective it is in practice. I wouldn't expect it to make a significant difference. We've been here before.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact