On 26/05/2026 21:34, Brian E Carpenter wrote:
Fair enough. But I have been led to understand that hybrid algorithms are very significantly harder to break than either conventional or PQ algorithms, and only somewhat more expensive to deploy.
The (esp. deployment) situation differs significantly between hybrid KEMs and signatures. And some people like to argue against hybrid anything. I for one have never found those arguments at all convincing. S.
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
