Internet security is leveling up with MPIC. While your organization likely won’t need to do anything to prepare, here’s what to know about the industry’s changes and why they’re good for security
Starting Sept 15, 2025, all publicly trusted certification authorities (CAs such as DigiCert, Sectigo, etc.) must perform domain validation and CAA record checks using multiple network perspectives. This method, known as multi-perspective issuance corroboration (MPIC), aims to ensure that an attacker who poisons or compromises DNS servers in one area won’t be able to issue an SSL/TLS or S/MIME certificate for a domain they don’t control.
This concept of MPIC is similar to how the National Hockey League (NHL) relies on multiple officials (two referees, 2 linesmen) during a hockey game:
- The refs strategically position themselves in different positions around the ice, so they have different gameplay vantage points. (Think of this as different “network perspectives.”)
- If all officials agree that a puck crosses the net’s red line without penalty, then the team scores a goal.
- If even just one of those officials reports seeing the situation differently, then the goal goes under review to determine whether it’s valid or must be disallowed.
Seeing as how this next phase of the certificate issuance requirement rollout takes effect next week, and we’ve not talked much about MPIC before, now seems like the perfect time to briefly talk about what MPIC entails for websites and email. We’ll also address why these changes are happening and how this multiple vantage point verification approach improves security by mitigating fraudulent server certificate issuances.
Let’s hash it out.
The post An Explainer Guide on Multi-Perspective Issuance Corroboration (MPIC) appeared first on Hashed Out by The SSL Store™.