Sectigo Leads Open MPIC Project to Bolster Certificate Security Against BGP Threats

As the CA/Browser Forum Strengthens Validation Rules, Sectigo Reinforces Its Leadership in Digital Trust with Open-Source Innovation and Industry Collaboration

Sectigo, a global leader in digital certificates and automated Certificate Lifecycle Management (CLM), in collaboration with researchers at Princeton University, today announced its pivotal role in the Open MPIC (Multi-Perspective Issuance Corroboration) Project. Sectigo’s Principal Architect, Dmitry Sharkov, serves as the project’s lead architect in developing an open-source tool that helps Certificate Authorities (CAs) comply with new CA/Browser Forum requirements aimed at enhancing the security of digital certificate issuance against Border Gateway Protocol (BGP) attacks.

Before issuing a certificate to a website, a CA must verify that the requester legitimately controls the domain listed in the certificate. Although current Domain Control Validation (DCV) methods are in place, research has shown that BGP attacks can still enable fraudulent certificate issuance. Meanwhile, the U.S. government has raised concerns about broader security threats stemming from BGP vulnerabilities. Open MPIC addresses this risk by providing open-source tools that enable CAs to perform DCV from multiple, geographically diverse vantage points, making it significantly harder for routing attacks to lead to misissuance.

“The Open MPIC project marks a critical step forward in addressing the growing risks of certificate misissuance due to BGP vulnerabilities,” said Kevin Weiss, chief executive officer at Sectigo. “As threats to the WebPKI evolve, Sectigo is committed to driving open-source innovation that strengthens the integrity of the internet. We’re particularly proud of Dmitry Sharkov’s leadership in advancing Open MPIC, fostering critical industry collaboration to help prevent certificate misissuance and strengthen the entire WebPKI ecosystem.”

Following timelines imposed by the CA/Browser Forum, CAs must adhere to these phased MPIC requirements:

• September 15, 2025: CAs must validate from at least two remote perspectives.
• March 15, 2026: CAs must validate from at least three remote perspectives.
• June 15, 2026: CAs must validate from at least four remote perspectives.
• December 15, 2026: CAs must validate from at least five remote perspectives.

As Lead Architect, Sectigo’s Sharkov is working in collaboration with co-founders Henry Birge-Lee and Grace Cimaszewski from Princeton University to develop and maintain the project's core library, API specifications, and deployment solutions: “It’s an honor to contribute to a project like Open MPIC that brings the PKI industry together to tackle real-world security challenges,” said Sharkov. “I’m grateful to collaborate with such talented peers, and I hope our work helps the Certificate Authority community move forward with greater trust and resilience.”

Open MPIC joins other key contributions to the WebPKI from Sectigo such as pkimetal and crt.sh. Holding a record five chair positions in the CA/Browser Forum and leading the way amongst all organizations in contributing to essential WebPKI infrastructure and services, Sectigo is committed to advancing the security and reliability of the world’s public certificates. Sectigo continues to define the future of digital trust by driving technological innovation, strengthening WebPKI, and ensuring the highest security standards.

Learn more about Open MPIC at the following:

• Podcast – Root Causes ep.485: What Is Open MPIC? Featuring Dmitry Sharkov
• Blog – Open MPIC: The Open-Source Path to Secure Multi-Perspective Issuance Corroboration

About Sectigo

Sectigo is the most innovative provider of certificate lifecycle management (CLM), delivering comprehensive solutions that secure human and machine identities for the world's largest brands. Sectigo’s automated, cloud-native CLM platform issues and manages digital certificates across all certificate authorities (CAs) to simplify and improve security protocols within the enterprise. Sectigo is one of the largest, longest standing, and most reputable CAs with more than 700,000 customers, six combined active seats in the CA/Browser Forum and ETSI, and two decades of delivering unparalleled digital trust. For more information, visit www.sectigo.com or follow us on LinkedIn.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250520216729/en/