Post-Quantum Cryptography Alliance - Technical Advisory Council (TAC) Meeting 25 February, 2026

View Recording

Recordings are also available on your Open Profile page under Past Meetings

Join the meeting

PQCA Meeting Calendar

Discord Server

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Voting Representative Attendance (Alphabetical by 1st name)

Premier Member Representatives

  • Brian Jarvis, AWS [TAC Chair]
  • Michael Maximilien, IBM
  • Norman Ashley, Cisco (OQS Rep)
  • Sophie Schmieg, Google

### Project Representatives

  • Andreas Schade, IBM (CBOMkit)
  • Hanno Becker, AWS (PQCP)
  • Matthias Kannwischer, TCR

Non-Voting Representative Attendance

LF Staff

  • Christina Harter
  • Hart Montgomery
  • Min Yu

Other Attendees

  • Aditya Koranga, NgKore [TAC Vice Chair]
  • Dhananjay Bhujbal
  • Panos Kampanakis
  • Sandip Dholakia

Meeting Agenda

Follow ups:

  • OQS metric
  • CBOMkit pipeline integration blog post

New items:

  • Christina: TAC Chair and Technical Community Representative (TCR) nominations now open
  • Christina: Reminder: Call for Mentors for PQCA Summer Mentorship Program
  • Christina: OQS Fall 2025 mentee blog post update
  • OpenSSF baseline for PQCA projects

Discussion & Updates

Introduction of 1st Time Attendees

No new attendees.

2026 Elections and Mentorship Updates

Christina reminded the group that nominations are currently open for:

Nominations remain open through March 12, with voting scheduled for March 13–20.

Christina also announced:

  • An OQS Fall mentee blog post has been approved following Brian’s review and will be published today. Final blog post
  • A new PQCA-related blog post from David Chisnall will be sent to the content review team today.
  • The call for PQCA mentorship program mentors remains open for the Summer 2026 session (June–August).

OQS Metrics and Blog Follow-Ups

Norman confirmed that the OQS metrics discussion remains unchanged. Brian suggested continuing forward with periodic updates rather than waiting for further refinements.

The CBOMkit pipeline integration blog post remains paused due to the author’s absence.

OpenSSF Baselines Discussion

Hart introduced the topic of OpenSSF Baselines, describing them as a structured security checklist that can help projects demonstrate adherence to best practices. While PQCA projects are already security-focused, certification could serve as:

  • A structured self-assessment
  • An external signaling mechanism for enterprise users

The TAC agreed that each project TSC (OQS, CBOMkit, PQCP) should evaluate:

  • The value of pursuing OpenSSF baseline compliance
  • The appropriate level to target
  • Whether the effort would provide strategic differentiation

Hart offered to collect feedback and relay it to OpenSSF leadership.

Project Updates

  • OQS (Norman)
    • There is ongoing planning for the next OQS release.
    • The team discussed coordinating mlkem-native update timing, especially in light of increased release frequency from PQCP.
  • PQCP (Matthias)
    • Upcoming talk about mlkem-native at RWC 2026 on March 9, 2026.
    • Progress in our experimental Armv8.1-M/MVE backend (see pq-code-package/mlkem-native#1524)
    • mlkem-native
      • Porting HOL-Light constant-time and memory safety proofs from s2n-bignum (and filling in gaps)
      • Wrapping up conversion of x86_64 compression intrinsics to assembly + HOL-Light correctness proofs
      • x86_64 AVX2 Keccak implementation with HOL-Light correctness proof contributed by @manastasova - under review
    • mldsa-native:
      • (Slow) progress towards HOL-Light correctness proofs of native code (x86: 3/17; AArch64: 4/17 – some still under review)
      • Added Cortex-M33 baremetal tests - considering an Armv7/8-M backend
  • CBOMkit (Andreas)
    • Golang support added to CBOMkit
    • Version upgrade to 2.2
    • Improved support for Go crypto libraries

    • Potential future language support (C/C++), pending contributor interest

TLS Endpoint Scanning Proposal

Dhananjay presented a Go-based TLS endpoint scanning tool that:

  • Performs TLS handshakes
  • Extracts supported TLS versions and cipher suites
  • Collects certificate chains
  • Analyzes cryptographic configurations
  • Plans to add quantum risk classification

The tool currently operates as a CLI and does not yet produce output in CBOM format.

Discussion points included:

  • Whether to integrate the tool into CBOMkit or pursue it as a standalone project
  • The risk of duplicating existing TLS scanning tools
  • The strategic value of adding quantum risk analysis as a differentiator

Andreas suggested adapting the output into CBOM format.

Norman and Brian emphasized the potential value of combining source-level scanning and network-level validation.

The TAC agreed the appropriate next step is discussion within the CBOMkit TSC, including a review of maturity, roadmap, and integration options.

Next Steps / Action Items

Action Item Owner Status / Due Date
Publish OQS fall mentee blog post and share on social channels Christina Done
Send David Chisnall’s PQCA-related blog post to content review team Christina Done
Review OpenSSF Baselines discussion within OQS TSC and report back Norman Next OQS TSC meeting
Discuss OpenSSF Baselines value and target level within CBOMkit TSC and report back Andreas Next CBOMkit TSC meeting
Evaluate OpenSSF Baselines within respective TSCs (OQS, CBOM Kit, PQCP) and provide feedback All relevant TSCs Before next TAC meeting
Adapt TLS network analyzer output toward CBOM format and prepare maturity presentation Dhananjay Next CBOMkit meeting
Add TLS endpoint scanning proposal to CBOMkit TSC agenda Aditya Before next CBOMkit meeting
Collect OpenSSF feedback from PQCA projects and relay to OpenSSF Hart Ongoing
Submit nominations (with consent) for TAC Chair, TCR, and Governing Board positions All interested parties March 12 deadline
Volunteer as mentor and review mentorship program details on wiki All interested parties March 13 deadline

Adjourned: 7:58am PT.