WebPKI Observatory — Cryptographic Posture
Root stores continue to trust legacy cryptographic postures including SHA-1 intermediate certificates and 1024-bit RSA keys in grandfathered roots, though active issuance has migrated to SHA-256 and 2048-bit or stronger keys. The transition to post-quantum cryptography remains aspirational, with no standardized migration path yet deployed at ecosystem scale. Certificate validity periods continue to compress under ballot SC-081, with median current usage at 64 days against future thresholds of 47 days, creating operational pressure examined in the BR readiness analysis.