Crypto-Agile PKI in Practice: Building Reliable Trust Paths for the Post-Quantum Transition (K00d)
The transition to post-quantum cryptography is exposing practical gaps in how PKI operates at scale. Across real enterprise use cases, the introduction of hybrid and post-quantum algorithms has consistently revealed issues that traditional trust models were not built to handle, including certificate size increases that impact performance, chain validation failures across different platforms, limitations in cryptographic modules, and workflow constraints in certificate lifecycle operations. These challenges appear through direct observation in production environments spanning cloud infrastructures, on-premise systems, and constrained devices. This talk offers a vendor-neutral implementation model built from field experience, deployment testing, and lessons learned while preparing organizations for post-quantum readiness. The talk outlines repeatable patterns observed across multiple environments, including how hybrid certificate chains behave under different validation engines, how trust stores process algorithm diversity, and which migration steps most reliably prevent outages or service disruptions. Attendees will gain practical, evidence-backed guidance for designing migration-safe trust paths, adapting cryptographic modules, updating validation logic, and sequencing changes to maintain continuity of trust throughout the post-quantum transition.