Commit 0151b1e

Add diagrams for both use cases
1 parent 09dba7e commit 0151b1e

3 files changed

+7
-1
lines changed
src/content/docs/ssl/post-quantum-cryptography/pqc-and-zero-trust.mdx

Lines changed: 7 additions & 1 deletion
@@ -14,6 +14,10 @@ Refer to the sections below to learn about the use cases supported by the Zero T
1414

1515
[Clientless](/cloudflare-one/connections/connect-devices/agentless/) [Access](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) protects an organization's Internet traffic to internal web applications against quantum threats, even if the applications themselves have not yet migrated to post-quantum (PQ) cryptography.
1616

17+
![Diagram of how post-quantum cryptography works with clientless Access](~/assets/images/ssl/pqc-clientless-access.png).
18+
19+
Here is how it works today:
20+
1721
**1. PQ connection via browser**
1822

1923
As long as the end-user uses a modern web browser that supports post-quantum key agreement (for example, Chrome, Edge, or Firefox), the connection from the device to Cloudflare's network is secured via TLS 1.3 with post-quantum key agreement.
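Review bot: The added image line (new line 17) ends with a stray period after the closing parenthesis, `(~/assets/images/ssl/pqc-clientless-access.png).`, which will render as a lone "." beside the diagram; drop the trailing period. The alt text is descriptive, which is good. Since the diagram is meant to illustrate the numbered steps that follow, check that its labels match the step wording, for example "TLS 1.3 with post-quantum key agreement" for the browser-to-Cloudflare leg.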
@@ -34,6 +38,8 @@ A [secure web gateway (SWG)](/learning/access-management/what-is-a-secure-web-ga
3438

3539
[Cloudflare Gateway](/cloudflare-one/policies/gateway/http-policies/) is now a quantum-safe SWG for HTTPS traffic. As long as the third-party website that is being inspected supports post-quantum key agreement, then Cloudflare's SWG also supports post-quantum key agreement. This is true regardless of the on-ramp that you use to get to Cloudflare's network, and only requires the use of a browser that supports post-quantum key agreement.
3640

41+
![Diagram of how post-quantum cryptography works with Cloudflare's Secure Web Gateway](~/assets/images/ssl/pqc-secure-web-gateway.png).
42+
3743
Cloudflare Gateway's HTTPS SWG feature involves two post-quantum TLS connections, as follows:
3844

3945
**1. PQ connection via browsers**
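Review bot: The image line added at new line 41 has the same stray period after the closing parenthesis, `(~/assets/images/ssl/pqc-secure-web-gateway.png).`, and should lose it. The diagram also lands before the sentence "Cloudflare Gateway's HTTPS SWG feature involves two post-quantum TLS connections, as follows:", so the reader sees the picture before the text that introduces it; consider moving the image below that sentence, so that it sits directly above the numbered steps as the diagram in the clientless Access section does.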
@@ -44,5 +50,5 @@ A TLS connection is initiated from the user's browser to a data center in Cloudf
4450

4551
A TLS connection is initiated from a data center in Cloudflare's network to the origin server, which is typically controlled by a third party. The connection from Cloudflare's SWG currently supports post-quantum key agreement, as long as the third-party's origin server also already supports post-quantum key agreement. You can test this out by using https://pq.cloudflareresearch.com/ as your third-party origin server.
4652

47-
Put together, Cloudflare's SWG is quantum-ready to support secure access to any third-party website that is quantum ready today or in the future.
53+
Putting it together, Cloudflare's SWG is quantum-ready to support secure access to any third-party website that is quantum ready today or in the future.
4854
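Review bot: The rewritten sentence at new line 53 still hyphenates inconsistently: "quantum-ready" for the SWG and "quantum ready" for the third-party website in the same sentence; pick one form, preferably "quantum-ready" in both places. This wording change is also unrelated to the commit message, which only mentions adding diagrams, so either mention it in the message or split it into its own commit.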
