Comment by woodruffw
12 hours ago
> Cloudflare, which hosts a considerable fraction of the Internet's web sites, reports that 33% of its connections are using post-quantum crypto as of January 2025.
DJB's narrative is a little selective here: Cloudflare has done some incredibly impressive things with post-quantum key agreement, which is arguably the "easy"[1] part of moving the Web PKI/TLS to a PQ setting. But key agreement doesn't tell the parties why they should trust each other; you need signatures and certificates for that, and those will need to be PQ-ready too.
That part is much harder, for both technical (larger certificates implied by most PQ signing schemes are much harder to reliably convey over packet networks) and political (the X.509 ecosystem moves very slowly, and penetration of new signature schemes takes years) reasons.
[1]: Nothing about it is easy.
Certificates don't need to worry about "store now, decrypt later". As such, IIUC Cloudflare has another decade at least before they need to start worrying about this.
The update cycle for root trust programs is extremely long, especially if you care about anything older than the newest, most consistently up-to-date systems. So it's a "now" issue, insofar as it won't be a problem for at least another decade.
Are you indicating that Cloudflare's implementation isn't truly fully post quantum secure because of lagging certificate standards/technology?
Wanted to provide the source for your posting about 33% of Cloudflare TLS traffic having Post-Quantum Encryption as of Jan 2025 [1].
[1] https://radar.cloudflare.com/adoption-and-usage#post-quantum...
> Are you indicating that Cloudflare's implementation isn't truly fully post quantum secure because of lagging certificate standards/technology?
Yes, although I wouldn't say "truly" because they haven't intimated that it is. I'm not claiming any malfeasance on Cloudflare's part: they have been very explicit about the fact that the PQ components deployed so far are only in the key exchange. Bas Westerbaan has a great post on the Cloudflare blog about the state of PQ in 2024.