Skip to Content
All memories

DevSecOps

Operational rigor as a security boundary: supply chain, CI/CD determinism, configuration drift control, and high-signal monitoring.

View tag listing

Best starting points

  1. Hybrid Schemes and Protocol Agility

    April 16, 2026 · 10 min

    Deep dive (April 2026): hybrid key establishment is a narrow hedge (HNDL), not “post-quantum TLS”. The hard part is suite identity, transcript binding, and AND-semantics for dual signatures.

  2. Stateful Signatures Are a Distributed Systems Problem: XMSS/LMS Without Index Reuse

    April 1, 2026 · 10 min

    Deep dive (April 2026): stateful hash-based signatures look like “just PQC”, but one index reuse is a catastrophic key-management failure. Model the invariant, then build the allocator like a consensus component.

  3. The Leaf Is the Hot Path: Signature Placement in Post-Quantum TLS (ML-DSA vs SLH-DSA)

    April 8, 2026 · 9 min

    Paper note (April 2026): experiments show SLH-DSA in the server leaf collapses TLS 1.3 handshakes by ~10^3×. PQ migration is a certificate-hierarchy and cost-concentration problem, not an algorithm swap.

Roadmap

  • Build provenance + reproducibility
  • Policy-as-code + guardrails
  • Least privilege + secrets delivery
  • Continuous verification + response automation

Browse topics