Let’s Encrypt Launches Multi-perspective Domain Validation – Response From Industry Expert

Let’s Encrypt has launched multi-perspective domain validation, a new feature that aims to bolster network security by limiting the ability of cybercriminals to trick Certificate Authorities into mis-issuing certificates.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Kevin Bocek
Kevin Bocek , VP Security Strategy & Threat Intelligence
InfoSec Expert
February 25, 2020 9:44 am

It’s great to see Let’s Encrypt increase the level of validation they use to better demonstrate ownership and control of a domain. However, we know that tens of thousands of Let’s Encrypt certificates are used by cyber attackers every day to make their phishing attacks more credible.

It’s easy for many businesses to assume that if they don’t use Let’s Encrypt certificates this isn’t their problem, but that’s not the case. Attackers can still get Let’s Encrypt certificates that look like any domain in seconds. The only way organisations can protect themselves is by having complete visibility over all the TLS certificates across the entire internet.

Last edited 2 years ago by Kevin Bocek
1
0
Would love your thoughts, please comment.x
()
x