Quantum-Resistant Kubernetes: Realities, Risks & (Versioning) Pitfalls - Fabian Kammel, ControlPlane

Abstract

Post-Quantum Cryptography (PQC) is no longer theoretical. With Go 1.24+ enabling ML-KEM by default, Kubernetes v1.33+ inherits significant quantum resistance for key exchange. This talk dives into the practical realities. We’ll briefly cover the current state of PQC standardization, such as ML-KEM (FIPS 203), and then critically examine the real-world implications: how K8s “accidentally” already benefits from PQC key exchange, the subtle but critical downgrade risks from mismatched Go versions (e.g., Go 1.23’s X25519Kyber768Draft00 vs. 1.24’s X25519MLKEM768), and the “tldr.fail” issue where large PQC key shares can break TLS handshakes due to packet size limits. We’ll explore these challenges with evidence from the K8s ecosystem, offering insights for maintainers and advanced users navigating the PQC transition.
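The version-mismatch downgrade mentioned in the abstract can be modelled in a few lines of Go. This is an added illustration, not code from the talk or from Kubernetes: `Negotiate`, `IsPostQuantum` and the two default lists are hypothetical names, and the selection rule (server preference order) is a simplifying assumption about the handshake.

```go
package main

import "fmt"

// TLS named-group code points from the IANA TLS Supported Groups registry.
const (
	X25519Kyber768Draft00 uint16 = 0x6399 // draft hybrid, Go 1.23 default
	X25519MLKEM768        uint16 = 0x11EC // ML-KEM hybrid, Go 1.24+ default
	X25519                uint16 = 0x001D
	P256                  uint16 = 0x0017
	P384                  uint16 = 0x0018
	P521                  uint16 = 0x0019
)

// Default group preferences when Config.CurvePreferences is nil.
var (
	Go123Defaults = []uint16{X25519Kyber768Draft00, X25519, P256, P384, P521}
	Go124Defaults = []uint16{X25519MLKEM768, X25519, P256, P384, P521}
)

// IsPostQuantum reports whether a group is a PQ/classical hybrid.
func IsPostQuantum(g uint16) bool {
	return g == X25519Kyber768Draft00 || g == X25519MLKEM768
}

// Negotiate models group selection (assumption: the server takes the first
// group in its own preference order that the client also offers).
func Negotiate(client, server []uint16) (uint16, bool) {
	for _, s := range server {
		for _, c := range client {
			if s == c {
				return s, true
			}
		}
	}
	return 0, false
}

func main() {
	builds := map[string][]uint16{"go1.23": Go123Defaults, "go1.24": Go124Defaults}
	for _, cl := range []string{"go1.23", "go1.24"} {
		for _, sv := range []string{"go1.23", "go1.24"} {
			g, ok := Negotiate(builds[cl], builds[sv])
			fmt.Printf("client=%s server=%s group=0x%04X ok=%v pq=%v\n",
				cl, sv, g, ok, IsPostQuantum(g))
		}
	}
}
```

In the mixed pairs the handshake still succeeds, on classical X25519, so the loss of the hybrid group only shows up if the negotiated group is inspected.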

Sched URL

Video