Sectigo, in partnership with Princeton University researchers, announced its key role in the Open MPIC (Multi-Perspective Issuance Corroboration) Project. Dmitry Sharkov, Sectigo’s Principal Architect, is leading development of the open-source tool designed to help Certificate Authorities meet new CA/Browser Forum requirements that strengthen digital certificate issuance security against BGP-related threats.
Before issuing a certificate to a website, a CA must verify that the requester legitimately controls the domain listed in the certificate. Although current Domain Control Validation (DCV) methods are in place, research has shown that BGP attacks can still enable fraudulent certificate issuance. Meanwhile, the U.S. government has raised concerns about broader security threats stemming from BGP vulnerabilities. Open MPIC addresses this risk by providing open-source tools that enable CAs to perform DCV from multiple, geographically diverse vantage points, making it significantly harder for routing attacks to lead to misissuance.
“The Open MPIC project marks a critical step forward in addressing the growing risks of certificate misissuance due to BGP vulnerabilities,” said Kevin Weiss, chief executive officer at Sectigo. “As threats to the WebPKI evolve, Sectigo is committed to driving open-source innovation that strengthens the integrity of the internet. We’re particularly proud of Dmitry Sharkov’s leadership in advancing Open MPIC, fostering critical industry collaboration to help prevent certificate misissuance and strengthen the entire WebPKI ecosystem.”
Following timelines imposed by the CA/Browser Forum, CAs must adhere to these phased MPIC requirements:
- September 15, 2025: CAs must validate from at least two remote perspectives.
- March 15, 2026: CAs must validate from at least three remote perspectives.
- June 15, 2026: CAs must validate from at least four remote perspectives.
- December 15, 2026: CAs must validate from at least five remote perspectives.
As Lead Architect, Sectigo’s Sharkov is working in collaboration with co-founders Henry Birge-Lee and Grace Cimaszewski from Princeton University to develop and maintain the project’s core library, API specifications, and deployment solutions. “It’s an honor to contribute to a project like Open MPIC that brings the PKI industry together to tackle real-world security challenges,” said Sharkov. “I’m grateful to collaborate with such talented peers, and I hope our work helps the Certificate Authority community move forward with greater trust and resilience.”
Open MPIC joins other key contributions to the WebPKI from Sectigo such as pkimetal and crt.sh. Holding a record five chair positions in the CA/Browser Forum and leading the way amongst all organizations in contributing to essential WebPKI infrastructure and services, Sectigo is committed to advancing the security and reliability of the world’s public certificates. Sectigo continues to define the future of digital trust by driving technological innovation, strengthening WebPKI, and ensuring the highest security standards.