PQC TLS Regression PQ Certificates Impact Analysis

Prologue (Policy Mandate)
"Quantum computing isn’t the real story. The calendar is. [..] There are actual deadlines now — fixed, public, bureaucratically laminated dates — when the old encryption that protects everything you do online will begin retiring."

"Anyone who can help a company navigate this transition will be disproportionately valuable for at least the next decade."

Mandating a PQC upgrade can cause TLS handshake-latency regressions: the larger PQC certificates push the server's first flight beyond the TCP initial congestion window (initcwnd), forcing an extra round-trip before the client can complete the handshake.

The literature shows the problem is real on low-initcwnd paths and with larger parameter sets, but it can be engineered away by:

Keeping the server’s authentication blob ≤ 9–10 kB
Using TCP initcwnd ≥ 10 (35 MSS) or enabling RFC 6928 auto-tuning
Preferring Dilithium-2 / Falcon-512 over Dilithium-3 or SPHINCS+
Delivering a compressed or split cert chain
Letting clients send their PQC key-share in the first ClientHello to avoid HelloRetryRequest
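The following toy model is an added illustration of the first-flight / initcwnd arithmetic behind these recommendations; it is not code from the deck. It assumes a 1460-byte MSS, a fixed per-certificate X.509 overhead, a two-certificate chain (leaf plus intermediate), loss-free slow start, and public-key/signature sizes from the NIST round-3 submissions (SPHINCS+ is the SHA-256 128s "small" parameter set).

```python
"""Toy model: does a PQC server first flight fit in the TCP initcwnd?

Assumptions (not from the deck): MSS = 1460 bytes, fixed X.509 and
handshake-message overheads, a 2-cert chain (root omitted), and plain
slow start with no loss. Algorithm sizes are from the NIST round-3 specs.
"""

# (public key bytes, signature bytes)
ALGS = {
    "Dilithium-2": (1312, 2420),
    "Dilithium-3": (1952, 3293),
    "Falcon-512": (897, 666),
    "SPHINCS+-128s": (32, 7856),
}

X509_OVERHEAD = 500     # names, validity, extensions, DER framing (assumed)
HELLO_OVERHEAD = 200    # ServerHello + EncryptedExtensions + Finished (assumed)
MSS = 1460


def first_flight_bytes(alg: str, chain_len: int = 2) -> int:
    """Bytes the server sends before the client can finish the handshake."""
    pk, sig = ALGS[alg]
    cert = pk + sig + X509_OVERHEAD           # each cert: its pk + issuer's signature
    return HELLO_OVERHEAD + chain_len * cert + sig   # + CertificateVerify signature


def extra_rtts(nbytes: int, initcwnd: int, mss: int = MSS) -> int:
    """Round-trips beyond the first needed to deliver nbytes under slow start.

    After k rounds the cumulative data delivered is initcwnd * mss * (2**k - 1).
    """
    rounds = 1
    while initcwnd * mss * (2 ** rounds - 1) < nbytes:
        rounds += 1
    return rounds - 1


def report(initcwnd: int) -> dict:
    """Extra RTTs per algorithm for a given initcwnd (in MSS units)."""
    return {alg: extra_rtts(first_flight_bytes(alg), initcwnd) for alg in ALGS}


if __name__ == "__main__":
    for cwnd in (4, 10):
        print(f"initcwnd={cwnd}:", report(cwnd))
```

With initcwnd 10 only Dilithium-3 and SPHINCS+ overflow the first window, while at initcwnd 4 even Dilithium-2 costs an extra round-trip, which is the low-initcwnd effect the summary describes.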

Daniyel Yaacov Bilar

December 04, 2025