PATTERN Cited by 1 source
Compensating controls for migration gap¶
Context¶
A new security primitive (e.g., a better post-quantum signature algorithm) is needed but will not be standardised and available for 5โ10 years. The threat it addresses (quantum computer capable of breaking classical crypto) may arrive before the ideal solution is ready.
Problem¶
Systems where the current-best primitive (ML-DSA) causes genuine operational problems (wire-size constraints, protocol incompatibility) face a gap: the ideal algorithm isn't ready, but the threat is approaching.
Solution¶
Deploy the available general-purpose primitive where possible, and apply compensating controls in systems where it doesn't fit:
| Compensating control | Mechanism | Trade-off |
|---|---|---|
| Restricted access | Limit who/what can connect to the vulnerable endpoint | Reduces availability |
| Tunneling | Wrap the vulnerable protocol inside a PQ-encrypted tunnel | Adds latency, operational complexity |
| Enhanced monitoring | Detect and alert on anomalous authentication patterns | Reactive, not preventive |
| Shorter key lifetimes | Reduce the window of exposure for any single key | Increases operational churn |
| Pre-positioned trust anchors | Deploy PQ root keys now via out-of-band channels | Only works for trust anchors, not live authentication |
Once smaller PQ signatures arrive (2030s), compensating controls can be removed and full efficiency/security restored.
Anti-pattern: Waiting for the perfect algorithm¶
Delaying PQ migration entirely because ML-DSA is "too big" is the wrong choice. The threat arrives on a timeline set by quantum hardware progress, not by algorithm-standardisation timelines. "You go to war with the algorithms you have, not the ones you wish you had."
(Source: sources/2026-07-09-cloudflare-post-quantum-signature-algorithms)
Consequences¶
- Compensating controls are temporary and expensive โ track removal timelines.
- The migration is not a single event but a multi-year transition period.
- Supporting both PQ and classical creates a downgrade attack surface that itself needs mitigation.
- Disabling classical crypto (eliminating downgrade) takes years in distributed systems.
Seen in¶
- sources/2026-07-09-cloudflare-post-quantum-signature-algorithms โ Cloudflare's argument for deploying ML-DSA now with compensating controls rather than waiting for better algorithms