CloudflareBringing more transparency to post-quantum usage, encrypted messaging, and routing security
Read Full ArticleSummary
The article introduces new features and tools on Cloudflare Radar aimed at enhancing transparency in post-quantum encryption, encrypted messaging, and routing security. It details the expansion of post-quantum monitoring to include origin-facing connections and the introduction of a tool for checking website compatibility with post-quantum encryption. Additionally, it discusses Key Transparency for end-to-end encrypted messaging services, allowing independent verification of public key distribution. The article also highlights the adoption of ASPA (Autonomous System Provider Authorization) to improve BGP routing security, providing insights into the growth of this standard and its implications for network operators.
Key Learnings
- 1Understanding the importance of post-quantum encryption in securing communications against future quantum attacks.
- 2Recognizing the role of Key Transparency in ensuring the integrity of public key distribution for encrypted messaging applications.
- 3Learning how ASPA enhances routing security by allowing networks to cryptographically verify their upstream route propagation.
- 4Gaining insights into the current landscape of post-quantum encryption support among origin servers and its implications for web security.
Who Should Read This
Senior Security Engineers focusing on encryption standards and routing security in enterprise environments.
Test Your Knowledge
What are the potential vulnerabilities in end-to-end encrypted messaging systems that Key Transparency aims to address?
How does the adoption of ASPA improve the security of BGP routing, and what are its limitations?
What trade-offs might organizations face when transitioning to post-quantum encryption protocols?
In what scenarios could the lack of post-quantum encryption support lead to security breaches?
How does Cloudflare's monitoring of post-quantum encryption support contribute to the broader adoption of these standards?
Topics
More articles about Encryption
Explore Encryption engineering →Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
How Advanced Browsing Protection Works in Messenger
The article discusses the implementation of Advanced Browsing Protection (ABP) in Messenger, focusing on the technical challenges and infrastructure necessary to protect user privacy while analyzing...
Stop reacting to breaches and start preventing them with User Risk Scoring
The article presents a proactive approach to cybersecurity by integrating User Risk Scoring into zero trust network access (ZTNA) policies. It outlines how Cloudflare One's platform allows security...
Introducing the 2026 Cloudflare Threat Report
The 2026 Cloudflare Threat Report outlines significant shifts in the cybersecurity landscape, emphasizing the transition from brute force attacks to high-trust exploitation strategies employed by...
Toxic combinations: when small signals add up to a security incident
The article explores the concept of 'toxic combinations' in cybersecurity, where seemingly harmless signals can converge to create significant security incidents. It highlights how minor...
More from Cloudflare Engineering
View Cloudflare engineering blogs →Complexity is a choice. SASE migrations shouldn’t take years.
The article emphasizes the shift in the cybersecurity landscape regarding SASE migrations, arguing that complexity is a choice rather than an inevitability. It showcases how Cloudflare's SASE...
Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
Fixing request smuggling vulnerabilities in Pingora OSS deployments
The article addresses critical HTTP/1.x request smuggling vulnerabilities identified in the Pingora open source framework, particularly when deployed as an ingress proxy. It outlines the nature of...
From the endpoint to the prompt: a unified data security vision in Cloudflare One
The article outlines Cloudflare One's evolution in data security, emphasizing a unified approach that encompasses protection in transit, visibility and control at rest, and enforcement in use. It...
A QUICker SASE client: re-building Proxy Mode
The article outlines the challenges faced by security teams when implementing proxy modes in SASE environments, particularly the performance issues associated with traditional TCP implementations. It...