{"id":1020,"date":"2025-04-18T13:59:13","date_gmt":"2025-04-18T21:59:13","guid":{"rendered":"https:\/\/unmitigatedrisk.com\/?p=1020"},"modified":"2025-04-18T15:08:47","modified_gmt":"2025-04-18T23:08:47","slug":"planning-for-change-lessons-in-cryptographic-agility","status":"publish","type":"post","link":"https:\/\/unmitigatedrisk.com\/?p=1020","title":{"rendered":"Crypto agility isn\u2019t a checkbox\u2014it\u2019s an operational mindset."},"content":{"rendered":"\n<p>In the early 2000s, I was responsible for a number of core security technologies in Windows, including cryptography. As part of that role, we had an organizational push to support \u201cvanity\u201d national algorithms in SChannel (and thus SSL\/TLS) and CMS. Countries like Austria and China wanted a simple DLL\u2011drop mechanism that would allow any application built on the Windows crypto stack to instantly support their homegrown ciphers.<\/p>\n\n\n\n<p>On paper, it sounded elegant: plug in a new primitive and voil\u00e0, national\u2011sovereignty protocols everywhere. In practice, however, implementation proved far more complex. Every new algorithm required exhaustive validation, introduced performance trade-offs, risked violating protocol specifications, and broke interoperability with other systems using those same protocols and formats.<\/p>\n\n\n\n<p>Despite these challenges, the threat of regulation and litigation pushed us to do the work. Thankfully, adoption was limited and even then, often misused. In the few scenarios where it \u201cworked,\u201d some countries simply dropped in their algorithm implementations and misrepresented them as existing, protocol-supported algorithms. 
Needless to say, this wasn\u2019t a fruitful path for anyone.<\/p>\n\n\n\n<p>As the saying goes, \u201cfailing to plan is planning to fail.\u201d In this case, the experience taught us a critical lesson: real success lies not in one-off plug-ins, but in building <strong>true cryptographic agility<\/strong>.<\/p>\n\n\n\n<p>We came to realize that instead of chasing edge-case national schemes, the real goal was a framework that empowers operators to move off broken or obsolete algorithms and onto stronger ones as threats evolve. Years after I left Microsoft, I encountered governments still relying on those early pluggability mechanisms\u2014often misconfigured in closed networks, further fracturing interoperability. Since then, our collective expertise in protocol engineering has advanced so far that the idea of dynamically swapping arbitrary primitives into a live stack now feels not just na\u00efve, but fundamentally impractical.<\/p>\n\n\n\n<p>Since leaving Microsoft, I\u2019ve seen very few platforms, Microsoft or otherwise, address cryptographic agility end-to-end. Most vendors focus only on the slice of the stack they control (browsers prioritize TLS agility, for instance), but <strong>true agility requires coordination across both clients and servers<\/strong>, which you often don\u2019t own.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">My Definition of Crypto Agility<\/h2>\n\n\n\n<p>Crypto agility isn\u2019t about swapping out ciphers. 
It\u2019s about <strong>empowering operators to manage the full lifecycle of keys, credentials, and dependent services<\/strong>, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Generation<\/strong> of new keys and credentials<br><\/li>\n\n\n\n<li><strong>Use<\/strong> under real-world constraints<br><\/li>\n\n\n\n<li><strong>Rotation<\/strong> before algorithms weaken, keys exceed their crypto period, or credentials expire<br><\/li>\n\n\n\n<li><strong>Compromise response<\/strong>, including detection, containment, and rapid remediation<br><\/li>\n\n\n\n<li><strong>Library &amp; implementation updates<\/strong>, patching or replacing affected crypto modules and libraries when weaknesses or compromises are identified<br><\/li>\n\n\n\n<li><strong>Retirement<\/strong> of outdated materials<br><\/li>\n\n\n\n<li><strong>Replacement<\/strong> with stronger, modern algorithms<br><\/li>\n<\/ul>\n\n\n\n<p>Coincidentally, NIST has since released an initial public draft titled <em>Considerations for Achieving Crypto Agility<\/em> (CSWP 39 ipd, March 5, 2025), available here. In it, they define:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>\u201cCryptographic (crypto) agility refers to the capabilities needed to replace and adapt cryptographic algorithms in protocols, applications, software, hardware, and infrastructures without interrupting the flow of a running system in order to achieve resiliency.\u201d<\/strong><\/p>\n<\/blockquote>\n\n\n\n<p>That definition aligns almost perfectly with what I\u2019ve been advocating for years\u2014only now it carries NIST\u2019s authority.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Crypto Agility for the 99%<\/h2>\n\n\n\n<p>Ultimately, consumers and relying parties\u2014the end users, application owners, cloud tenants, mobile apps, and service integrators\u2014are the <strong>99% who depend on seamless, invisible crypto transitions<\/strong>. 
They shouldn\u2019t have to worry about expired credentials, lapsed crypto periods, or how to protect and rotate algorithms without anxiety, extensive break budgets or downtime.<\/p>\n\n\n\n<p>True agility means <strong>preserving trust and control<\/strong> at every stage of the lifecycle.<\/p>\n\n\n\n<p>Of course, delivering that experience requires careful work by developers and protocol designers. Your APIs and specifications must:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allow operators to choose permitted algorithms<br><\/li>\n\n\n\n<li>Enforce policy-driven deprecation<br><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">A Maturity Roadmap<\/h2>\n\n\n\n<p>To make these lifecycle stages actionable, NIST\u2019s <strong>Crypto Agility Maturity Model (CAMM)<\/strong> defines four levels:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Level 1 \u2013 Possible<\/strong>: Discover and inventory all keys, credentials, algorithms, and cipher suites in use. Catalog the crypto capabilities and policies of both parties.<br><\/li>\n\n\n\n<li><strong>Level 2 \u2013 Prepared<\/strong>: Codify lifecycle processes (generation, rotation, retirement, etc.) 
and modularize your crypto stack so that swapping primitives doesn\u2019t break applications.<br><\/li>\n\n\n\n<li><strong>Level 3 \u2013 Practiced<\/strong>: Conduct regular \u201ccrypto drills\u201d (e.g., simulated deprecations or compromises) under defined governance roles and policies.<br><\/li>\n\n\n\n<li><strong>Level 4 \u2013 Sophisticated<\/strong>: Automate continuous monitoring for expired credentials, lapsed crypto-period keys, deprecated suites, and policy violations triggering remediations without human intervention.<br><\/li>\n<\/ul>\n\n\n\n<p>Embedding this roadmap into your operations plan helps you prioritize <strong>inventory, modularity, drills, and automation<\/strong> in the right order.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">My Lifecycle of Algorithm and Key Management<\/h2>\n\n\n\n<p>This operator-focused lifecycle outlines the critical phases for managing cryptographic algorithms and associated keys, credentials, and implementations, including module or library updates when vulnerabilities are discovered:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Generation<\/strong> of new keys and credentials<br><\/li>\n\n\n\n<li><strong>Use<\/strong> under real-world constraints with enforced policy<br><\/li>\n\n\n\n<li><strong>Rotation<\/strong> before degradation or expiration<br><\/li>\n\n\n\n<li><strong>Compromise response<\/strong> (detection, containment, remediation)<br><\/li>\n\n\n\n<li><strong>Library &amp; Implementation Updates<\/strong>, to address discovered vulnerabilities<br><\/li>\n\n\n\n<li><strong>Retirement<\/strong> of outdated keys, credentials, and parameters<br><\/li>\n\n\n\n<li><strong>Replacement<\/strong> with stronger, modern algorithms and materials<br><\/li>\n<\/ul>\n\n\n\n<p>Each phase builds on the one before it. Operators must do more than swap out algorithms\u2014they must update every dependent system and implementation. 
That\u2019s how we <strong>minimize exposure and maintain resilience<\/strong> throughout the cryptographic lifecycle.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>What&#8217;s the message then? Well, from my perspective, cryptographic agility isn\u2019t a feature\u2014it\u2019s an operational mindset. It\u2019s about building systems that evolve gracefully, adapt quickly, and preserve trust under pressure. That\u2019s what resilience looks like in the age of quantum uncertainty and accelerating change.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the early 2000s, I was responsible for a number of core security technologies in Windows, including cryptography. As part of that role, we had an organizational push to support \u201cvanity\u201d national algorithms in SChannel (and thus SSL\/TLS) and CMS. Countries like Austria and China wanted a simple DLL\u2011drop mechanism that would allow any application [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-1020","post","type-post","status-publish","format-standard","hentry","category-security","category-thoughts"],"_links":{"self":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/1020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments
&post=1020"}],"version-history":[{"count":0,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/1020\/revisions"}],"wp:attachment":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}