Prologue (Policy Mandate)
"Quantum computing isn’t the real story. The calendar is. [..] There are actual deadlines now — fixed, public, bureaucratically laminated dates — when the old encryption that protects everything you do online will begin retiring."
"Anyone who can help a company navigate this transition will be disproportionately valuable for at least the next decade."
Mandating a PQC upgrade can cause TLS performance regressions because the larger PQC certificates and signatures push the server’s first flight (Certificate + CertificateVerify) beyond the TCP initial congestion window (initcwnd), forcing an extra round trip before the handshake can complete.
The literature shows the problem is real on low-initcwnd paths and with larger parameter sets, but it can be engineered away by:
Keeping the server’s authentication blob ≤ 9–10 kB
Using TCP initcwnd ≥ 10 (35 MSS) or enabling RFC 6928 auto-tuning
Preferring Dilithium-2 / Falcon-512 over Dilithium-3 or SPHINCS+
Delivering a compressed or split cert chain
Letting clients send their PQC key-share in the first ClientHello to avoid HelloRetryRequest
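To make the initcwnd arithmetic behind the first three points concrete, here is an added example (not from the original page) that estimates a server’s first-flight size for a chain signed with a given scheme and counts the round trips it needs under idealised slow start; the key/signature sizes are approximate NIST round-3 figures, and the X.509 and handshake overhead constants are assumptions chosen for illustration.

```python
import math

# Approximate public-key and signature sizes in bytes (NIST round-3 parameter sets).
# Assumed here for illustration; check the spec for the exact variant you deploy.
SIG_SCHEMES = {
    "ecdsa-p256":    {"pk": 65,   "sig": 72},
    "falcon-512":    {"pk": 897,  "sig": 666},
    "dilithium-2":   {"pk": 1312, "sig": 2420},
    "dilithium-3":   {"pk": 1952, "sig": 3293},
    "sphincs+-128s": {"pk": 32,   "sig": 7856},
}

X509_OVERHEAD = 450       # assumed: names, extensions and ASN.1 framing per certificate
OTHER_FLIGHT_BYTES = 300  # assumed: ServerHello + EncryptedExtensions + Finished + record headers

def auth_blob_bytes(scheme, chain_len=2):
    """Bytes of Certificate + CertificateVerify when every cert in the chain is
    signed with `scheme`. chain_len counts certs actually sent (leaf + intermediates;
    the root is assumed to be pre-installed on the client)."""
    s = SIG_SCHEMES[scheme]
    per_cert = s["pk"] + s["sig"] + X509_OVERHEAD
    return chain_len * per_cert + s["sig"]   # CertificateVerify carries one more signature

def first_flight_bytes(scheme, chain_len=2):
    """Total bytes the server sends before it can wait for the client's Finished."""
    return OTHER_FLIGHT_BYTES + auth_blob_bytes(scheme, chain_len)

def round_trips_for_first_flight(nbytes, mss=1460, initcwnd=10):
    """Round trips needed to deliver nbytes under idealised slow start (window starts
    at initcwnd segments and doubles each RTT, no loss). 1 means the whole flight
    fits in the initial window; anything larger is the regression the text describes."""
    segments = math.ceil(nbytes / mss)
    sent, window, rtts = 0, initcwnd, 0
    while sent < segments:
        sent += window
        window *= 2
        rtts += 1
    return rtts

if __name__ == "__main__":
    for cwnd in (4, 10):               # old Linux default vs RFC 6928 default
        for scheme in SIG_SCHEMES:
            n = first_flight_bytes(scheme)
            rtts = round_trips_for_first_flight(n, initcwnd=cwnd)
            print(f"initcwnd={cwnd:2d}  {scheme:14s} {n:6d} B  -> {rtts} RTT")
```

With these assumptions a two-cert Dilithium-2 chain needs 2 RTTs at initcwnd 4 but fits in one window at initcwnd 10, while Dilithium-3 and SPHINCS+ still overflow the 10-segment window, which is the ordering the recommendations above reflect.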