This is reasonable to add. However, this debate has caused ripple effects. We are very early in the post quantum transition phase. Having x25519 as hybrid is a safety belt.
I wish we could have civil discussions, avoiding escalations, and look forward in time. I also wish we could spend more time auditing pq code and algorithms rather than fighting each other. On Fri, 10 Apr 2026, 19:12 Salz, Rich, <[email protected]> wrote: > How about adding this to the end of the security considerations section? > > In deployments where the size and computation cost of deploying a hybrid > is negligible or otherwise not a concern, a PQ/T hybrid is more secure as > the traditional algorithms have had more analysis than their post-quantum > counterparts. In this case, developers SHOULD strongly consider if a PQ/T > hybrid meets their needs. > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
