Let’s Encrypt continues to improve the security and integrity of the Web PKI

Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. The certificate is valid for 90 days, during which renewal can take place at any time. Let’s Encrypt recently announced a new measure to further protect users from cyber attacks. This new feature, called multi-perspective domain validation, helps certificate authorities (CAs) prove that applicants have control over the domains they want to obtain a certificate.

Image: letsencrypt

Domain verification is not a new issue, but there are still many loopholes in the verification process, which means that network attackers can induce CA agencies to issue certificates by mistake. With multi-angle domain authentication, an attacker needs to destroy three different network paths at the same time, which not only greatly improves the security factor but also finds network attack behaviors faster in the Internet topology community.