methodology / Security / #89
Certificate key strength and signature algorithm
#89 · Recommended · Web Quality · weighted · Security · impl todo · source Leaf certificate ASN.1 parsed in-engine — extracts subjectPublicKeyInfo (key algorithm + size, EC curve) and signatureAlgorithm OID. Cert bytes from the TLS handshake (Worker direct or Container fallback).
Web Quality factor
This factor is part of Web Quality — the weighted 0..100 score that sits above Web Standards. Its weight depends on what kind of site is being measured. Web Standards items take priority; this factor only enters the score once Web Standards passes.
- Base weight
- 0.7 applied to every site type unless overridden below
- Why this weight
- Cert key strength + signature algorithm — defends against deprecated SHA-1, weak RSA.
Per-site-type overrides
| Site type | Weight | Δ vs base |
|---|---|---|
| Personal site | 0.3 | -0.4 |
Site types not listed inherit the base weight.
What this means for your business
The certificate behind your padlock is signed with a kind of math that has to keep up with the times. Old, short keys are being phased out — sites still using them will start showing warnings in browsers.
Plain title: Your padlock isn't using outdated keys
Want the long version? Read the full explainer with examples →
What we measure
We measure the public-key algorithm and size on your leaf certificate, plus the signature algorithm used to sign it. Modern thresholds: RSA ≥ 2048 bits OR ECDSA on P-256/P-384/P-521, signed with SHA-256 or stronger. NIST SP 800-131A recommends rotating RSA-2048 to RSA-3072 by 2030; SHA-1 signatures are universally considered broken.
How to improve your score
If your cert is RSA 2048 + SHA-256 (most Let's Encrypt and DigiCert default), it's acceptable today but you should plan a rotation to ECDSA P-256 or RSA 3072+ before 2030. ACME issuers (Let's Encrypt, ZeroSSL) all support ECDSA — just request `--key-type ecdsa --elliptic-curve secp384r1`. If you're on SHA-1 today, your cert is being rejected by every modern browser; reissue immediately. If you're on RSA < 2048, same — that's been below the CA/Browser Forum minimum since 2014.
Facts
Implementation notes
pass=100: RSA ≥ 3072 with SHA-256+, OR ECDSA P-256/P-384/P-521 with SHA-256+, OR Ed25519/Ed448. warn=60: RSA exactly 2048 with SHA-256 (acceptable today, NIST flags for 2030+ rotation). fail=0: RSA < 2048, ECDSA on weak curve (P-224 or smaller), or any SHA-1 signature.
Scoring
Scoring formulas are versioned with the methodology. The current method maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.
Version history
| Version | Change | Date |
|---|---|---|
| v0.1 | Factor introduced. Status: proposed. Scoring impl: todo. | 2026-04-25 |