The post-quantum cryptography industry still tries to pitch algorithms even though nobody is buying. Lattice-based key encapsulation, hash-based signatures, structured lattices for key exchange. NIST has standardised them. Vendors have announced support. The part we should actually be measuring is whether any of it is actually deployed. And that begs the deeper question of what the security industry should be selling.
Every major cryptographic transition in the history of computing has brought between ten and twenty years of pain. DES to AES. SSLv2 to TLS 1.2. SHA-1 to SHA-256. In every case, the transition was driven by tragedy in breaches and deprecation enforcement, not by planning ahead. In every case, the organisations that moved last had users who suffered the most. And in every case, the industry tried to declare mission accomplished years before stable migration was complete.
The ghosts of migrations past are now back when dealing with quantum. Over half of client-to-edge TLS traffic uses post-quantum key exchange. Origin server adoption is roughly one percent. The gap between those two numbers is the actual attack surface today for harvest-now-decrypt-later collection. CDN edge encryption has stepped up for protection to the last mile. It does not protect the data and we all know it. Nobody wants to land at an airport that has no safe way to reach the city.
CNSA 2.0 sets hard deadlines by 2027 let alone more deadlines by 2030 and then 2035. BSI, ASD, G7, and Europol all have published their own timelines with comparable urgency. These deadlines are not suggestions. No amount of procrastinating will mean threats change the advancing timelines.
Add to that, the existing tools still measure what's in the rear view mirror. SSL Labs tells you whether your TLS configuration is competent based on where we have come from. A site can score an A- on SSL Labs however may be graded an F by those looking ahead towards post-quantum readiness. Both grades would be correct because where we came from is not where we have to go.
After many meetings over the last two years with some of the largest organizations in the world, hearing how their inventory struggle is real, we built [PQ]probe to answer the question that matters for the transition: are you getting better or worse?
[PQ]probe tracks migration trajectory towards the appropriate end state. Not a point-in-time grade, but a temporal pattern—IMPROVING, DEGRADING, or STABLE—across every protocol surface that negotiates cryptography. TLS, SSH, SMTP, IMAP, RDP, database protocols, healthcare protocols, message brokers, filesystem sharing. Over twenty protocols across roughly thirty port variations, scanned continuously and scored against CNSA 2.0 compliance timelines. We have built it based on decades of experience in cryptographic migrations, to make it less painful this time.
Vendor claims are not verified posture. When a vendor names ML-DSA or X25519Kyber768, that claim can be probed. When a vendor says "cryptographic agility" or "quantum-safe architecture," it cannot. The distinction between a verifiable technical claim and a narrative positioning statement is the core of what we measure. Library readiness is not product deployment. Platform primitives are not negotiated cipher suites.
The organisations that track their own migration trajectory will know where they are relative to threats and deadlines. The ones leaning on vendor assurances will discover the sad gap far too late to close.
Try Free ProbeDavi Ottenheimer
Here to help shrink the gap between what vendors say about your readiness and what their products actually negotiate. It's been a measurable gap that nobody was measuring, so that's why [PQ]probe landed.
I've survived three decades of leading information security in Silicon Valley including large scale migrations of DES to AES, SSLv2 to TLS 1.2, SHA-1 to SHA-256, and bcrypt to Argon2. This gives me a strong sense of what's ahead by looking at where we've been. Former head of security at NASA-UARC, UCSC, ArcSight, VMware, EMC, and Yahoo! At MongoDB I created their CISO role and field-level encryption for document databases, delivered in 2019. Author of a foundational 2012 cloud security infrastructure book Securing the Virtual Environment: How to Defend the Enterprise Against Attack. Inventor of PIN-based authentication on resource-constrained IoT devices, patented in 2006.