BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.devconf.info//devconf-cz-2025//talk//JHTGT7
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-devconf-cz-2025-JHTGT7@pretalx.devconf.info
DTSTART;TZID=CET:20250613T101500
DTEND;TZID=CET:20250613T113500
DESCRIPTION:As post-quantum cryptography (PQC) continues to evolve\, ensuri
 ng a smooth and adaptable transition for end users\, developers\, and syst
 em administrators remains a top priority. Building on discussions from the
  last DevConf and the latest NIST recommendations\, this session presents 
 recent updates in the Fedora ecosystem with cryptographic components\, inc
 luding crypto-policies\, demonstrating real-world PQC integration.\nOur li
 ve demo will showcase a familiar user experience — a routine Firefox bro
 wsing session — that seamlessly incorporates PQC. By inspecting the secu
 rity tab when connecting to a web server\, we illustrate how the user expe
 rience remains intentionally "boring\," signaling a successful\, non-disru
 ptive deployment of advanced cryptographic protocols. Beneath this simplic
 ity\, however\, lies a powerful infrastructure of client-side and server-s
 ide components.\nOn the client side\, we employ a nightly build of Firefox
  enhanced with PQC authentication and key exchange capabilities\, made pos
 sible through Qryoptic — a rust based soft-token derived from the Kryopt
 ic project — loaded alongside Firefox's default NSS soft-token. On the s
 erver side\, we leverage vanilla nginx running over OpenSSL 3.2 with our A
 urora provider\, a rust written OpenSSL Provider designed to boost cryptog
 raphic agility by allowing flexible backend implementations for PQC primit
 ives.\nWhile some of these results could be approximated using vanilla Fir
 efox and OpenSSL with the oqsprovider\, our approach enhances cryptographi
 c agility through shallow loadable modules — decoupling stable systems f
 rom rapidly evolving PQC ecosystems. Beyond the demo\, we’ll dive into t
 he experience of writing OpenSSL Providers in Rust and explore how open-so
 urce efforts like Kryoptic can be customized to build experimental PKCS#11
  soft-tokens\, offering valuable tools for developers and security researc
 hers.\nConcluding the session\, we’ll discuss the broader methodology be
 hind these efforts and how shallow loadable modules can empower users\, sy
 sadmins\, developers\, and cryptographers alike to achieve greater flexibi
 lity and security in a post-quantum world.
DTSTAMP:20260513T063959Z
LOCATION:A218 (capacity 20)
SUMMARY:Post Quantum Crypto in Practice: Real-World Implementation with Fir
 efox\, OpenSSL\, and Rust-Based Solutions - Sahana Prasad\, Nicola Tuveri\
 , Akif Mehmood\, Francesco Rollo
URL:https://pretalx.devconf.info/devconf-cz-2025/talk/JHTGT7/
END:VEVENT
END:VCALENDAR