Post-Quantum Cryptography Alliance - Technical Advisory Council (TAC) Meeting 11 February, 2026

View Recording Recordings are also available on your Open Profile page under Past Meetings
Join the meeting
PQCA Meeting Calendar
Discord Server)

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Voting Representative Attendance (Alphabetical by 1st name)

Premier Member Representatives

  • Brian Jarvis, AWS [TAC Chair]
  • Michael Maximilien, IBM
  • Norman Ashley, Cisco (OQS Rep)
  • Sophie Schmieg, Google

### Project Representatives

  • Matthias Kannwischer, TCR
  • Hanno Becker, AWS (PQCP)
  • Andreas Schade, IBM (CBOMkit)

Non-Voting Representative Attendance

LF Staff

  • Christina Harter
  • Hart Montgomery
  • Min Yu

Other Attendees

  • Aditya Koranga, NgKore [TAC Vice Chair]
  • Abner Rodriguez-Guadalupe
  • Miguel Diaz Goncalves
  • Dhananjay
  • Panos Kampanakis
  • Thales Paiva

Meeting Agenda

  • Action item follow ups:
    • [Norman] OQS metric
    • [Andreas / Katerina / Finn] CBOMkit Pipeline blog post
    • Call for Mentors open until March 13
    • Feedback to share from previous mentors
    • Winter Mentorship ending early
    • Blog post from Basil’s fall mentee coming soon

Discussion & Updates

Introduction of 1st Time Attendees

The TAC welcomed new attendees:

  • Dhananjay - who joined to present a project proposal.
  • Panos - from AWS.
  • Thales - Professor at the University of São Paulo.

PQCA Membership and Mentorship Updates

Christina announced that the NgKore Foundation has been approved as a new associate member of PQCA.

Christina also provided updates on the upcoming Summer Mentorship Program (June–August 2026):

  • Call for mentors is open through March 13.
  • Mentor project proposals will be reviewed by the TAC.
  • Mentee applications will follow the established timeline.
  • Christina shared feedback from previous mentors (Matthias and Basil) regarding time commitment and expectations, which will be circulated more broadly.

Matthias Feedback: Last year, I mentored a contributor on mldsa-native. Initially, I wasn’t sure what to expect, especially when we received over 50 applications, most from candidates with little cryptography or open source experience. Sorting through them took some effort, so I’d recommend having clear selection criteria ready beforehand. I did some interviews with a shortlist of candidates.

Once matched, the time commitment was lighter than I expected. Early on, most of the mentoring was me explaining things directly. As my mentee got up to speed, most interaction moved to pull request discussions and was shared between maintainers. We had a brief weekly sync (often just 10 minutes), and day-to-day coordination ran mostly through GitHub and Discord.

Preparing a few easy starter tasks upfront made it much easier for the mentee to get started. From there, my mentee ramped up quickly and landed real contributions that helped move the project forward.

Basil Feedback: My time commitment for the mentorship was approximately 2 hours per week throughout the program. This included our weekly sync meetings, reviewing milestones, and providing guidance and technical direction.

I found it very valuable to invest time before the start of the mentorship to define a clear project description and set tangible milestones. Since my mentee is a PhD student who intends to continue developing the project beyond the official mentorship period (e.g., preparing a conference submission or writing a publication), my advice is to view the official project timeline as a guideline for the key milestones, while remaining flexible and open to continued mentoring when appropriate.

Christina also provided an update on blog submissions:

  • A mentee blog post is in progress.
  • Awaiting David Chisnall’s decision on whether to submit the original or rewritten version of his blog post for PQCA publication.

Project Updates

  • OQS
    • Brian asked about progress on the OQS metric discussion. Norman agreed to revisit the topic at the next OQS TSC meeting and provide updates.

The team also discussed upcoming OQS release planning, including the need to update mlkem-native, which is currently nine months behind the latest drops. Norman noted he will take feedback regarding increased release frequency back to the OQS team and coordinate timing for mldsa-native updates.

  • PQCP
    • Matthias reported on several PQCP updates:
  • Presentation scheduled for March 9 at RWC in Taipei, where Matthias and Hanno will present on mlkem-native.
  • Ongoing work on HOL-Light proofs and extended verification for x86 and ARM.
  • Continued verification of assembly components.
  • Integration and cleanup of an ARM contribution introducing an MVE backend.
  • Planned regular time-based releases for both mlk-native and mldsa-native, targeting every 1–3 months.

Matthias emphasized the importance of aligning mlkem-native updates ahead of the RWC talk.

  • CBOMkit
    • Aditya shared updates on CBOM Kit:
  • Added Go language support on SonarQube, doing integration with CBOMkit
  • Go implementation includes support for the standard crypto library and extended X Crypto library on SonarQube.
  • No formal roadmap exists for additional languages; however, members from the NgKore Foundation expressed interest in contributing support for C and C++, which will be raised as a discussion item.
  • The previously scheduled CBOMkit meeting was canceled due to absences, but the CBOMkit pipeline integration blog post will be revisited at the next meeting.

TLS Endpoint Scanning Proposal

Dhananjay introduced a proposal for a TLS endpoint scanning tool designed to:

  • Identify TLS/HTTPS endpoints.
  • Analyze cryptographic configurations.
  • Assess potential quantum risk exposure.

The TAC discussed whether this should be developed as:

  • A standalone project under PQCA, or
  • An extension to CBOMkit, complementing its existing code-level scanning capabilities.

Aditya and others noted alignment between Dhananjay’s proposal and CBOMkit functionality, suggesting integration may be the more strategic path.

Dhananjay agreed to attend the next CBOMkit meeting to present the proposal in more detail and gather feedback from the CBOMkit TSC members.

Next Steps / Action Items

Action Item Owner Status / Due Date
Revisit OQS metric discussion at next OQS TSC meeting and report updates Norman Next OQS TSC meeting
Raise CBOMkit pipeline integration blog post at next CBOM Kit meeting and report back Aditya Next TAC meeting
Share feedback from previous mentors (Matthias & Basil) with mailing list or include in meeting minutes Christina Before next meeting
Await David Chisnall’s decision on blog version and, if new, send to content review team Christina Pending decision
Take feedback on mlkem-native release frequency to OQS team and coordinate release timing Norman Before next meeting
Attend next CBOMkit meeting to present TLS endpoint scanning proposal Dhananjay Next CBOMkit meeting
Add TLS endpoint scanning proposal to CBOMkit TSC meeting agenda Aditya Before next CBOMkit meeting

Adjourned: 7:33am PT.