Protocol ossification delayed the rollout of TLS 1.3 for years, and has once again become a roadblock in the rollout of post-quantum cryptography. In a recent large-scale study of TLS servers, we assessed the deployment compatibility of post-quantum key agreements, uncovering surprising results and insights. Notably, we observed protocol ossification in areas beyond the well-known issue of fragmented ClientHello messages due to large key sizes. We believe more surprises will emerge with post-quantum certificates, making deployment far more complex than a “flip-of-a-switch” transition.
In this talk, we share our findings from the study, and emphasize the importance of testing early to identify potential post-quantum migration challenges rather than making assumptions about where issues may arise. We walk through the subtle deployment complexities and operational issues that can arise when managing the complexities of post-quantum PKI implementations, particularly for end-user connection stability. By offering practical insights, we hope to contribute to a smoother shift to the post-quantum era, enhancing crypto-agility and strengthening the reliability of the Web PKI as a by-product.
Syed Suleman Ahmad - Research Engineer at ‪@cloudflare‬