WebPKI Observatory — Long Tail Risk
Eighty-two certificate authorities operate in the long tail, each commanding less than 1% market share yet retaining full inclusion in browser trust stores. These low-volume CAs collectively issue only 6.2% of certificates but represent 85% of the trusted CA population, creating an asymmetric risk profile where a single incident has limited user impact but full incident response burden. The tail includes many regional, governmental, and legacy CAs that maintain trust store presence despite minimal operational visibility in public certificate transparency logs.