Technical — Blog

Focused briefings from the Blog archive for teams working through Technical decisions.

Briefings: 7
Filter: Category
Index: Blog

Filtered analysis

Research notes

7 published briefs in this filter.

Abstract infrastructure gateway moving signed firmware and certificate evidence into protected systems.

Technical

NIST draft SP 800-230 adds smaller, faster SLH-DSA parameter sets for sign-once, verify-many workflows. The catch is operational: each signing key has a strict signature limit.

Read post

Abstract standards evidence panels showing candidate post-quantum signature paths converging into a grid.

Technical

NIST moved nine additional post-quantum signature candidates into Round 3 in May 2026. That is algorithm diversity planning, not a pause button for ML-DSA and SLH-DSA migration.

Read post

Abstract hybrid TLS gateway connecting legacy services to protected infrastructure segments.

Technical

Running ML-KEM alongside ECDH in TLS 1.3 across distributed infrastructure is straightforward in theory. This composite rollout model highlights practical planning issues around certificate chain sizes, middlebox interference, and HSM firmware constraints.

Read post

Abstract lattice and classical key exchange paths converging into a sealed session.

Technical

ML-KEM (FIPS 203) is the NIST standard. X-Wing is a hybrid combiner that pairs ML-KEM with X25519. Understanding when to use each — and why hybrid matters during the migration window.

Read post

Limited-use SLH-DSA: smaller signatures, stricter operations

NIST’s next signature race is not a reason to wait

NIST’s 2026 PQC signature update: what architecture teams should do next

Hybrid ML-KEM for TLS and SSH: useful, but not a migration plan by itself

Firmware signing in the PQC transition: the hard part is recovery

Hybrid TLS rollout model: lessons from a 12-month plan

Choosing between ML-KEM and X-Wing for KEM