HTTPS certificate industry phasing out less secure domain validation methods
2 days ago
- #Certificate Validation
- #HTTPS
- #Cybersecurity
- Secure connections rely on trustworthy certificate validation processes.
- Chrome Root Program and CA/Browser Forum have adopted new security requirements for HTTPS certificate issuers.
- Legacy Domain Control Validation methods are being sunset to close potential security loopholes.
- The deprecation will be phased in, with full implementation by March 2028.
- Domain Control Validation ensures certificates are only issued to legitimate domain operators.
- Modern validation uses 'challenge-response' mechanisms, retiring weaker methods like email or phone verification.
- Sunsetted methods include those relying on email, phone, and reverse lookups.
- These changes push the ecosystem toward automated, cryptographically verifiable security methods.
- The updates aim to make the internet safer by standardizing and modernizing validation processes.