On Tue, Apr 07, 2026 at 12:31:08AM +0200, Muhammad Usama Sardar wrote: > On 06.04.26 23:24, Nico Williams wrote: > > Their trade-offs might be different to ours. Perhas they think that > > security in-depth means you'll use TLS at the application layer, with > > hybrids, and so if you use PQ-only at the network layer, in the worst > > case scenario you're still protected by the use of hybrids at the > > application layer. > > Well, this double TLS is really shooting on the foot the only somewhat > reasonable argument I've seen for non-hybrid so far: efficiency!
We've seen this argument made before on this list. If you're double- encrypting, and each layer uses different algorithms... IIUC NSA mandates double-encryption. Considering the need/desire for defense in-depth, I am much less concerned about IEEE 802.11x using non-hybrid PQ than I am about TLS using non-hybrid PQ. Nico -- _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
