Skip to content

blog post in post quantum crypto in k8s #582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

blog post in post quantum crypto in k8s #582

wants to merge 7 commits into from

Conversation

datosh
Copy link

@datosh datosh commented May 30, 2025
edited
Loading

Hey 👋
I recently spend some time researching the current state of post quantum cryptography in the cloud native industry.
For some topics I found little to no information especially in the Kubernetes ecosystem, so I thought I share my findings with the community!

Discussion on Slack:

Happy for any comments or suggestions on the post.

/cc @lmktfy

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 30, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: datosh
Once this PR has been reviewed and has the lgtm label, please assign madhavjivrajani for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link
Contributor

Welcome @datosh!

It looks like this is your first PR to kubernetes/contributor-site 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/contributor-site has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 30, 2025
@datosh datosh force-pushed the post-on-pqc-in-k8s branch from 6a12508 to d5013cb Compare May 30, 2025 11:32
@datosh
format: follow style guide
24ca678 
Signed-off-by: Fabian Kammel <[email protected]>
jberkus
jberkus suggested changes Jun 2, 2025
View reviewed changes
Copy link
Contributor

@jberkus jberkus left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Composition/writing check. No real grammar/punctuation editing needed. However, one suggestion on article flow, and one link needs to be replaced.

The rest of the links all look OK.

Note that I have no expertise in the cryptography details covered by the article.

content/en/blog/2025/pqc-in-k8s/pqc-in-k8s.md
theoretical for many applications, their potential to break current
cryptographic standards is a serious concern, especially for long-lived
systems. This is where _Post-Quantum Cryptography_ (PQC) comes in. In this
article, I\'ll dive into what PQC means for TLS and, more specifically, for the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it actually necessary to escape apostrophes? This doesn't break anything, but I don't recall it being required before.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I escaped them, because I thought I saw it in the style guide, but now I fail to find a reference.
As you said "it doesn't break anything", so I would leave it as is, unless you disagree.

@datosh
work in feedback
e5688bc 
Signed-off-by: Fabian Kammel <[email protected]>
@datosh
Copy link
Author

datosh commented Jun 3, 2025

Thank you, for taking the time to review this @jberkus
I have resolved / replied to all comments.

@datosh
mark post as draft
83bdb9c 
Signed-off-by: Fabian Kammel <[email protected]>
@lmktfy
Copy link
Contributor

lmktfy commented Jun 3, 2025

@kubernetes/sig-security-pr-reviews is this article OK to publish (in terms of cryptography / infosec message)?

@k8s-ci-robot k8s-ci-robot added the sig/security Categorizes an issue or PR as relevant to SIG Security. label Jun 3, 2025
lmktfy
lmktfy reviewed Jun 3, 2025
View reviewed changes
content/en/blog/2025/pqc-in-k8s/pqc-in-k8s.md
Comment on lines +166 to +167
[Cloudflare\'s CIRCL] (Cloudflare Interoperable Reusable Cryptographic Library)
library implements some PQC signature schemes like variants of Dilithium, and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better:

Suggested change
[Cloudflare\'s CIRCL] (Cloudflare Interoperable Reusable Cryptographic Library)
library implements some PQC signature schemes like variants of Dilithium, and
Cloudflare's [CIRCL](https://github.com/cloudflare/circl)
(Cloudflare Interoperable Reusable Cryptographic Library)
implements some PQC signature schemes, such as variants of Dilithium, and

(and drop the reference later in the article)

Inline hyperlinks are easier to maintain, especially for localization teams. This article may well end up getting localized into up to 13, and counting, target languages.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, is this a change to stylesheet from Docs? Because for years we've been telling people to use end links specifically for maintenance purposes.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jberkus first I knew about the preference for end links. Let's take this to SIG Docs' Slack channel?

datosh and others added 3 commits June 4, 2025 16:51
@datosh @lmktfy
Apply suggestions from code review
0dcf28f 
Co-authored-by: Tim Bannister <[email protected]>
@datosh @lmktfy
Apply suggestions from code review
687edbb 
Co-authored-by: Tim Bannister <[email protected]>
@datosh
fix console
f5e9806 
Signed-off-by: Fabian Kammel <[email protected]>
@lmktfy
Copy link
Contributor

lmktfy commented Jun 20, 2025

We should be able to get eyes on this next week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jberkus jberkus jberkus requested changes

@lmktfy lmktfy lmktfy left review comments

@mfahlandt mfahlandt Awaiting requested review from mfahlandt

@palnabarun palnabarun Awaiting requested review from palnabarun

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. sig/security Categorizes an issue or PR as relevant to SIG Security. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@datosh @k8s-ci-robot @lmktfy @jberkus