As the threat of quantum computing looms over traditional encryption, the National Institute of Standards and Technology (NIST) has finalized the first set of post-quantum cryptography (PQC) standards to protect our digital infrastructure. Among these, the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), standardized in FIPS 204, stands out as the primary successor for general-purpose digital signatures. The NIST PQC Selection In August 2024, NIST released three fin

The transition to post‑quantum cryptography (PQC) presents a fundamental challenge: organisations must adopt PQC algorithms while maintaining the operation of a vast ecosystem of systems, devices, and protocols that may only understand classical cryptography. Although, no single certificate format solves this problem universally. Three main certificate‑based approaches have emerged, each offering different trade‑offs between backward compatibility, security, and long‑term arc

Implications of CA/Browser Forum Ballot SC‑081v3 for Public and Private PKI The CA/Browser Forum approved Ballot SC‑081v3, introducing a staged reduction in the maximum permitted lifetime of publicly‑trusted TLS certificates. Between 2026 and 2029, certificate validity will decrease from 297 days to 47 days, with reductions applied annually. These requirements apply exclusively to Public CAs. Private enterprise CAs are not subject to these rules and may continue to define cer

The Problem As certificate volumes increase and validity periods shorten, manual certificate management becomes increasingly unsustainable. Human-driven processes are inherently error-prone, difficult to scale, and often dependent on specialised knowledge held by a small number of individuals. Missed renewals, misconfigurations, and inconsistent implementations can lead to service outages, security incidents, and significant business impact. In live environments, automation i

Krestfield Partners with Unsung to Deliver Certificate Lifecycle Management and PKI Solutions Krestfield is proud to announce a strategic partnership with Unsung, a specialist UK consultancy focused exclusively on Public Key Infrastructure. Together, we are strengthening the digital trust landscape with enterprise-grade certificate lifecycle management solutions that address the needs of governments, regulated industries and high-assurance environments. This collaboration bri