On Wed, Feb 25, 2026 at 1:40 PM Blumenthal, Uri - 0553 - MITLL < [email protected]> wrote:
> > Admittedly your answer (reported here below) was not addressing my > concerns. > > > . . . . . > > > A hybrid still has a chance of being secure if old good crypto would be > successfully attacked, so your argument does not stand. > > > Let me repeat myself. If the data must *remain secure for a long time*, > then the Classic part does not help, and the security of that data lies > solely within the PQ component. Which part of this “does not stand”? > Isn't the point that the pure PQ ones might be broken by conventional computers (and they have in the past)? That's my understanding of the argument. thanks, Rob
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
