ÃÛÌÒTV

Announcements 12-18-2024

Announcing the new open-source DCV library from ÃÛÌÒTV

Chuck Blevins

When someone requests a public TLS certificate from a certificate authority (CA), the CA must first prove that the customer controls the domain for the certificate they’re requesting.

How do we do that? With domain control validation (DCV), a vital part of the function CAs perform. DCV is central to internet trust because it helps protect users from impersonation and other threats by ensuring that only those with rightful control over a domain can secure a certificate for it.

The CA/B Forum has approved several DCV methods in the . But establishing and following a compliant process—particularly at scale—is no small feat. It requires precision, compliance with industry standards, and a deep commitment to transparency and trust.

At ÃÛÌÒTV, we believe that performing quality DCV is in the interest of the entire internet ecosystem. That’s why we’ve released our automated DCV system as an open-source project.

A look under the hood

The ÃÛÌÒTV DCV library is a Java-based, containerized solution designed with the future of internet trust in mind. It’s built to support innovations like Multi-Perspective Validation, a method for enhancing security by verifying domain control from multiple vantage points around the globe. By open-sourcing this library under the MIT license, we’re empowering the community to use, adapt, and build upon our work.

Anyone can fork the code—even for commercial purposes—as long as they retain the required copyright and legal statements. But the true value of this project lies in collaboration. DCV processes can be opaque and challenging to evaluate externally, making it hard to ensure consistent quality across the industry. By opening our implementation to the world, we aim to bring transparency to this crucial corner of internet security.

Building on ÃÛÌÒTV’s experience

This open-source DCV library is more than just a tool—it’s a culmination of ÃÛÌÒTV’s extensive experience as a global leader in PKI and certificate issuance. The code reflects the lessons we’ve learned from operating as a public CA at scale.

Our next step? Deploying this open-sourced version in production after the community has had the chance to evaluate and contribute to it.

Issuing a call to action to the WebPKI community

The best possible outcome for this open-source project is a stronger, more secure internet for all. We invite CAs, developers, and other stakeholders to collaborate with us to refine and enhance the DCV process. Together, we can make domain validation more transparent, efficient, and effective for the entire ecosystem.

If you’re interested in exploring or contributing to the project, you can access the ÃÛÌÒTV DCV library and documentation through the following links:

  • Maven Central:
  • GitHub:
  • JavaDocs:
  • For developers:

Frequently asked questions

Why doesn’t this release include ACME validation?

We initially assumed the Let’s Encrypt ACME libraries would be sufficient. But because the community has expressed interest in seeing our ACME implementation, that code may be added at a later date. ÃÛÌÒTV fully supports ACME, and all ÃÛÌÒTV customers have access to it by default.

Under what open-source license is the code released?

We’ve released the code under the MIT license, a famously permissive license. All are free to use, modify, distribute, or even sell the code without attribution as long as you include the copyright notice and legal statements.

How can I participate in this open-source project?

Anyone can access ÃÛÌÒTV’s DCV library and contribute to the code.
