OpenSSL Communities
Thu 3 Jul 2025 6:15AM

Quick PQC Reality Check Poll

AK Aditya Koranga Public Seen by 40

Hey Small Businesses!

Hope everyone's crushing it out there! First off, thank you for electing me as your TAC representative for Small Businesses at OpenSSL Foundation. I'm excited to be your voice and make sure your needs get the attention they deserve!

So here's the buzz: OpenSSL has been going ALL-IN on Post-Quantum Cryptography (PQC) lately - and honestly, EVERYONE is talking about it. conferences, security forums, even my coffee chats somehow end up being about quantum-resistant algorithms! 馃榿 It's the hot topic that's got the entire crypto world buzzing.

But here's what I want to know: While the big players are making their PQC moves, what's happening in the small business world? Are you already thinking about this quantum future, or are you still figuring out what PQC even means for your day-to-day operations?

Remember: "Small" might be in the name, but you definitely have BIG hearts when it comes to contributing to important discussions like this! Your perspectives matter just as much (if not more) than the enterprise giants.

AK

Poll Created Thu 3 Jul 2025 6:26AM

Quick PQC Reality Check Poll: Closed Thu 10 Jul 2025 6:00AM

Outcome
by Aditya Koranga Mon 21 Jul 2025 8:56AM

Positive Findings

Excellent news: 100% of poll participants are aware of PQC, demonstrating good knowledge across our small business community. No one selected "Post-what-now?" showing we're well-informed about quantum security challenges.

33% of participants have already started integrating PQC into their solutions, indicating significant progress beyond just awareness. Meanwhile, 25% are actively researching and evaluating their options, and another 25% are aware but not actively planning PQC implementation yet.

Key Insights

Client demand is the primary driver for PQC adoption, with businesses responding to customer requirements for quantum-safe solutions. Several participants reported having PQC integrated with some of their solutions already, while others are building PQC-aware products and advising clients on quantum-safe configurations.

However, perspectives vary within our community. Some participants believe PQC theory hasn't stabilized yet and quantum computers lack sufficient qubits to pose immediate threats to current encryption. Others are taking a "wait and see" approach, preferring to monitor developments before committing resources. One member emphasized that vendor platforms like CloudFlare and AWS will likely handle PQC transitions transparently.

Member Requests

One community member specifically requested additional guidance from the OpenSSL community for full application migration to PQC, highlighting the need for practical implementation support and clear migration pathways.

The results show our small business community is well-positioned for the quantum transition, with good awareness and early adopters leading the way while others thoughtfully evaluate their timing and approach. However, some additional knowledge sharing and community guidance will be necessary to support members through this critical security transition.

Choose the option(s) you favor.

Results

Results Option % of points Voters
Already implementing PQC solutions 33.3% 4 TH JB AK ELR
We're aware but not actively planning yet 25.0% 3 BR PY TH
Researching and evaluating our options 25.0% 3 MK JB ML
Some solutions are now migrated to quantum-resistant systems 16.7% 2 TH AK
PQC? Post-what-now?(Still learning about it) 0.0% 0  
Started planning our migration strategy 0.0% 0  
Undecided 0% 44 EY DVG BG AN JZ SF J K EM KM JF CW KL RT IK AP DB YY Q SJ

9 of 53 people have participated (16%)

AK

Aditya Koranga Thu 3 Jul 2025 6:26AM

Some solutions are now migrated to quantum-resistant systems
Already implementing PQC solutions

We have started integrating PQC to the existing/new solutions and some of the solutions are now quantum resistant

JB

James Bourne Thu 3 Jul 2025 6:26AM

Researching and evaluating our options
Already implementing PQC solutions

We are actively advising our clients on how to configure PQC and building our products to be PQC "aware". For example, the Nginx configuration here uses a PQC key exchange to reverse proxy one of our products. https://kb.firedaemon.com/support/solutions/articles/4000118859 馃槑

TH

Tim Hudson Thu 3 Jul 2025 6:26AM

Some solutions are now migrated to quantum-resistant systems
Already implementing PQC solutions

Customer demand for PQC support in KMIP and PKCS#11

MK

Marc Knowles Thu 3 Jul 2025 6:26AM

Researching and evaluating our options

Looking at local and remote data encryption options and working out what would be best to migrate our applications to.

ELR

Etienne le Roux Thu 3 Jul 2025 6:26AM

Already implementing PQC solutions

We are using the Open Quantum Safe project in our dev environment to encapsulate our existing AES256-GCM keys using Kyber512. Additional guidance from Openssl community or project would be very valuable in our journey to applications being fully migrated to PQC.

TH

Tim Hogard Thu 3 Jul 2025 6:26AM

We're aware but not actively planning yet

I'll believe PQC when I see it.

MR

Michael Richardson Thu 3 Jul 2025 10:40PM

Aditya Koranga (via OpenSSL Communities) wrote:

So here's the buzz: OpenSSL has been going ALL-IN on Post-Quantum
Cryptography (PQC) lately - and honestly, EVERYONE is talking about
it. conferences, security forums, even my coffee chats somehow end up
being about quantum-resistant algorithms! 冒聼聵聛 It's the hot topic that's
got the entire crypto world buzzing.

I way prefer the terms quantum-resistant or quantum-safe.
How long ago was "post-modern" achitecture?

But here's what I want to know: While the big players are making their
PQC moves, what's happening in the small business world? Are you
already thinking about this quantum future, or are you still figuring
out what PQC even means for your day-to-day operations?

  1. aside from akamai/cloudflare/google/apple, I don't really see "big
    business" actually doing anything.
    The rest of the "Enterprise" players seem to be still pondering how to
    upgrade their Windows XP critical systems from openssl 1.0.x.

  2. you seem to be making some assumptions about how a small business might be
    using/interacting with openssl when you write "day-to-day" operations.
    I'm not quite sure what your assumptions are, but they don't seem to match
    my software and consulting business.

JB

James Bourne Thu 3 Jul 2025 11:00PM

@Michael Richardson鈥塈 can answer "generally" from the Small Business side: the move to quantum-safe will be dictated by client demand (e.g., small business makes software or hardware product "X", and their clients will request quantum-safe options), or by vendors (e.g., IaaS, PaaS, and SaaS platforms implementing it transparently e.g., CloudFlare, AWS, etc.). I've not come across any evidence that small businesses are pursuing anything meaningful from a quantum-safe perspective. Most of them struggle with the basics (e.g. implementing PKI, managing TLS certificates, etc.). Otherwise, it's BAU. My caveat is that this may change over time due to updates in various cybersecurity frameworks and regional legislative changes.

ML

Marc-Andre Lemburg Wed 9 Jul 2025 8:06AM

Post-Quantum Cryptography (PQC) may be buzzing at the moment, but the theory around it has not stabilized yet, AFAIK, so I think it's too early to select algorithms at this point. Given that quantum computers are still far away from providing enough Qbits to reasonably tackle any of the current day public key algorithms, there's still plenty of time to do more research, which will allow skipping a few MD5 moments for PQC. I believe that weaknesses in random number generation and key handling (e.g. making side channel effects possible) are a much bigger threat to crypto algorithms to focus on at this point.

Load More