Route authorization and TLS - Seirdy


Assuming we have transit encryption, the main result of Border Gateway Protocol (BGP) errors is mass downtime. Downtime for a typical service is a headache; downtime for a CA can be disastrous. BGP hijacking also enables certificate mis-issuance by messing with weak domain control validation. Route authorization is an important mitigation!

That said: TLS is our last line of defense against BGP attacks that redirect HTTPS requests. Users wouldn’t have been robbed if Celer Bridge used HSTS preloading. Victims were greeted by a TLS error and chose to add a security exception; a payment platform shouldn’t offer that choice. HSTS instructs browsers to remove this option, and HSTS preloading prevents HSTS stripping (and TLS stripping). HTTP Public Key Pinning (HPKP) makes such attacks even harder, but HPKP had its own list of issues preventing adoption.
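To check whether a site's response header gives users the protection described above, the following added example (not code from the original post) parses a `Strict-Transport-Security` value per RFC 6797 and audits it against the hstspreload.org submission requirements. The function names and the sample headers are constructed for illustration.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the hstspreload.org minimum


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {directive: argument}, or None when a browser would ignore it."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue  # empty directives (stray semicolons) are permitted
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="300"
        if name in directives:
            return None  # a directive may appear only once
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is mandatory and must be an integer
    directives["max-age"] = int(directives["max-age"])
    return directives


def audit(value):
    """Return findings for one response header; [] means preload-eligible."""
    if value is None:
        return ["no HSTS: a TLS error can be clicked through"]
    d = parse_hsts(value)
    if d is None:
        return ["invalid header: browsers ignore it"]
    findings = []
    if d["max-age"] < PRELOAD_MIN_AGE:
        findings.append("max-age below one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing")
    if "preload" not in d:
        findings.append("preload missing: the first visit can still be stripped")
    return findings


# Constructed sample headers, not captured from any real site.
SAMPLES = [None, "max-age=300", "max-age=1; max-age=2",
           'MAX-AGE="63072000"; includeSubDomains; preload']

if __name__ == "__main__":
    for header in SAMPLES:
        print(repr(header), "->", audit(header) or "eligible for preloading")
```

An empty findings list only means the header qualifies for submission; the domain is protected on first visit once it actually ships in browsers' preload lists.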