Blog
Notes on TLS, post-quantum cryptography, and inline interception — at the byte level.
Why we call it a splice
It was the third name we tried — split, then bridge, then splice. Why each earlier word told a small lie about a thing that joins two TLS connections and transforms the crypto in between, with the rejected names still fossilized in the code. An etymology sourced from git.
The CA our agent wouldn't trust for three weeks
An agent rejected a perfectly valid upstream certificate, on every connection, for three weeks. The cert was fine; the host trusted the CA. The agent had read the trust store once, at boot, and never again. When a restart fixes it, you're looking at stale in-memory state.
The 1.2 KB problem: how post-quantum breaks the ClientHello
Turn on PQC and some connections fail — not with a crypto error, but a hang or reset mid-handshake. The ML-KEM key share pushes the ClientHello past the MTU, so it splits across TCP segments, and gear that assumed one segment breaks. Why it reads like a flaky network, and why it's the migration's first canary.
Why hybrid post-quantum, not pure ML-KEM
If ML-KEM is the quantum-resistant algorithm, why ship X25519MLKEM768 and drag classical X25519 along? Hybrid isn't double the quantum security — X25519 adds zero post-quantum protection. Its real job, and the precise risk trade, shown in how the two secrets combine on the wire.
Post-Quantum TLS Migration: A Practitioner's Guide
The cryptography is the easy part — NIST finished it. What migrating TLS to post-quantum actually involves, step by step: the mandates that set the deadline, what PQC looks like on the wire, and the inventory → migrate → prove sequence — including the long tail of endpoints you can't touch.
What M-23-02 actually requires, decoded to wire reality
The federal post-quantum memo is read as "deploy PQC now." It isn't — its binding near-term requirement is an inventory of quantum-vulnerable cryptography, which decodes to one field per handshake. Why that makes it an observability problem first, and why a config file can't answer it.
0x4588 ≠ 4588: the one-character bug that hid post-quantum from our own dashboard
A hex/decimal slip made every ClientHello advertise an unassigned key-exchange group — and three layered mistakes hid it for weeks. The story, and why the wire is the only ground truth.
Two handshakes on one wire: upgrading TLS crypto without touching the endpoints
How a TLS connection gets its crypto upgraded mid-flight — two independent handshakes, two key schedules, and why the certificate is the whole game.
X25519MLKEM768, byte by byte: post-quantum key exchange on the wire
What post-quantum key exchange actually looks like on a TLS 1.3 connection — the codepoint, the 1.2 KB key share, the byte order, and how to verify it with one openssl command.