Cloudflare Radar: Unveiling Post-Quantum & Routing Security

Post-Quantum & Routing Security Transparency

Cloudflare's latest Radar updates represent a substantial leap in providing granular visibility into critical, evolving security domains. The expansion into origin-facing post-quantum (PQ) encryption support, complementing existing client-side metrics, is particularly noteworthy. By leveraging automated TLS scanning and a new testing tool, Cloudflare is democratizing access to understanding PQ readiness, moving beyond theoretical discussions to practical, measurable data. This proactive approach empowers organizations to assess their own infrastructure and that of their partners, accelerating the vital transition to quantum-resistant cryptography. The integration of Key Transparency data for E2EE messaging services like WhatsApp is another major win for transparency. By providing a public dashboard for the verification status of Key Transparency Logs, Cloudflare is building trust in the integrity of public key distribution, a cornerstone of secure communication. This move is crucial for users and developers alike, offering a verifiable mechanism to ensure that the keys they rely on are indeed legitimate, mitigating risks of man-in-the-middle attacks.

Furthermore, the enhanced focus on Routing Security through ASPA adoption tracking addresses a long-standing vulnerability in BGP. ASPA's ability to cryptographically sign authorized provider relationships offers a critical layer of defense against route leaks and hijacks. Cloudflare's detailed dashboards and API access for ASPA data will be invaluable for network operators, researchers, and policymakers in understanding and driving the adoption of this emerging standard. The ability to visualize global, country, and network-level ASPA deployment, alongside granular inspection of individual records and historical activity, provides unprecedented insight into the health of Internet routing. The immediate availability of this data via API also lowers the barrier for integration into existing security workflows and research initiatives, fostering broader adoption and development of related tools.

While the article highlights significant advancements, a potential limitation could be the dependency on Cloudflare's scanning infrastructure for origin PQ support. While comprehensive, it represents an external view. Organizations might still need internal audits to confirm their specific TLS configurations and preferences. For Key Transparency, the current focus on WhatsApp and Facebook Messenger Transport, while important, could be expanded to include other prominent E2EE services as they adopt similar transparency mechanisms. The rapid evolution of post-quantum algorithms and standards means continuous updates will be necessary to maintain the relevance and accuracy of the PQ monitoring tools. Nevertheless, these additions collectively position Cloudflare Radar as an indispensable resource for navigating the complex landscape of modern Internet security.

Key Points

• Cloudflare Radar has launched new features for Post-Quantum (PQ) encryption usage, extending monitoring to origin-facing connections.
• A new tool allows users to test any website's PQ encryption compatibility.
• A Key Transparency section on Radar provides a public dashboard for real-time verification status of Key Transparency Logs for E2EE messaging services.
• Routing Security insights are expanded with global, country, and network-level data on ASPA deployment for BGP route leak prevention.
• Origin PQ support has seen a significant increase, with ~10% of origins benefiting from PQ-preferred key agreements, a 10x jump since early 2025.
• The Key Transparency dashboard displays log status, last signed/verified epochs, and root hashes for services like WhatsApp.
• ASPA adoption tracking offers detailed views of growth, RIR-specific trends, and granular inspection of records, with data available via API.

---

📖 Source: Bringing more transparency to post-quantum usage, encrypted messaging, and routing security