Old and rare books on wooden shelves

The post-quantum transition is larger in scope than any single previous cryptographic migration, but it isn’t the industry’s first. The deprecations of MD5, SHA-1, and early TLS versions all offer genuine, specific lessons worth carrying forward.

Lesson 1: Deprecation Announcements Don’t Move Systems

SHA-1 was flagged as cryptographically weakening years before practical collision attacks were demonstrated and browsers finally stopped trusting SHA-1 certificates. In the interim, plenty of systems kept using it, not out of ignorance, but because nobody had translated the general warning into a concrete inventory of exactly where SHA-1 was in use in their specific environment. Knowing an algorithm is deprecated and knowing where you use it are different problems, and the second one is the one that actually enables action.

Lesson 2: The Long Tail Is Where Migrations Actually Stall

The bulk of any migration — the well-maintained, actively developed systems — tends to move reasonably fast once prioritised. It’s the long tail of legacy systems, embedded devices, and undocumented dependencies that drags a migration timeline out for years past its original estimate. Planning for that long tail explicitly, rather than assuming the “easy 80%” represents the whole effort, avoids a lot of downstream schedule surprise.

Lesson 3: Interoperability Periods Need to Be Deliberate, Not Accidental

Every past cryptographic transition has needed a period where old and new coexist, because not every counterparty upgrades on the same timeline. The organisations that handled this well planned that coexistence period explicitly — with a defined end date and a plan to close it — rather than letting “we support both” quietly become a permanent, unmanaged state.

Lesson 4: Automation Beats Heroics

Migrations that depended on manual, one-by-one system updates took dramatically longer, and produced far more inconsistent results, than migrations backed by automated configuration management and certificate lifecycle tooling. This lesson maps directly onto why certificate automation is worth solving before a large-scale post-quantum rollout, not during it.

What’s Genuinely Different This Time

Previous migrations generally replaced one algorithm with a directly comparable successor. This transition, because it spans essentially all public-key cryptography at once and introduces mathematically novel algorithm families, has more moving parts and less precedent to lean on for some of the harder judgment calls. That’s exactly why starting with a solid inventory and a phased, evidence-based plan matters more here, not less, than in past transitions.

Scroll to Top