Multi-Perspective Issuance Corroboration (MPIC) from February 2025

DNS queries from CA from February 2025 on using Multi-Perspective Issuance Corroboration (MPIC) - No need for adaptation for customers.

We would like to draw your attention to the following change regarding CA-side DNS calls:

Background

When an Internet domain is queried, there is a risk that someone intercepts the query and an unauthorised third party pretends to be the holder of this domain (‘man in the middle’). This problem can occur during domain validation and when checking the so-called ‘Certification Authority Authorisation’ (CAA) before a certificate is issued.

Multi-Perspective Domain Corroboration (MPIC) minimises the risk of such an attack. The domain is accessed from different locations around the world. This minimises the risk of such an attack, as it is much more difficult to be ‘man in the middle’ in different locations.

The use of MPIC will be mandatory for issuing Internet certificates in the future; details can be found in section 3.2.2.9 of the TLS Baseline Requirements.

What do I have to do as a customer?

Please note that the change may cause slight delays in the issuing of certificates.

However, there is no need for customers to make any adjustments.

Timeline

The following introduction dates for MPIC are planned:

• Pre-production environment: calendar week 7 (10 – 14 February) 2025

• Production environment: calendar week 9 (24 – 28 February) 2025

Please do not hesitate to contact us if you have any questions.

Kind regards

Your SwissSign-Team