> On 19 Oct 2025, at 12:01, Jay Acuna via Gnupg-users <[email protected]> wrote:
>
> The point is I shared best practice to append post-quantum protections
> to your security plans, and it is fine if you disagree.
I want to make one thing really, really clear to all observers. Jay references OpenSSH. OpenSSH’s PQ/T mechanism uses HKDF to mitigate the group analysis problem that Rob raised. So does GnuPG’s “Kyber” PQ/T algorithm, as does the upcoming OpenPGP PQC specification, and TLS, and, and…

Jay’s proposed hybrid encryption scheme does not use a KDF. It is therefore NOT best practice.

The fact that he does not understand the group analysis problem, or how a KDF is essential to protect against it, means that he is unqualified to make pronouncements about the security properties of his or any other scheme. Please do not listen to him.

A

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
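Added example, not part of the thread and not GnuPG's, OpenSSH's or anyone's actual implementation: a minimal PQ/T hybrid KEM combiner of the kind the message refers to, in which both shared secrets and the transcript (public keys and ciphertexts) are fed through HKDF (RFC 5869) instead of being used raw. The KEM outputs here are constructed stand-in byte strings (no X25519 or Kyber is run), the label and transcript encoding are this example's own choices, and the HKDF implementation is checked against RFC 5869 Test Case 1 so that the combiner is built on a verified primitive.

```python
"""
PQ/T hybrid combiner built on HKDF-SHA256 (RFC 5869).

Assumptions (this example's own, not from the thread):
  - both KEM shared secrets are available as bytes (stand-ins below);
  - the transcript bound into HKDF's info is: label || pk_classical ||
    pk_pq || ct_classical || ct_pq, each length-prefixed;
  - an empty salt is used (RFC 5869 permits this: salt = HashLen zeros).
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC-Hash(salt, IKM); empty salt -> HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i), concatenated."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand: requested length exceeds 255 * HashLen")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def rfc5869_test_case_1_ok() -> bool:
    """Self-check of the HKDF code against RFC 5869 Appendix A, Test Case 1."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    expected = bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865"
    )
    return hkdf(salt, ikm, info, 42) == expected


def _lp(b: bytes) -> bytes:
    """Two-byte big-endian length prefix, so transcript fields cannot be re-split."""
    if len(b) > 0xFFFF:
        raise ValueError("transcript field too long for 2-byte length prefix")
    return len(b).to_bytes(2, "big") + b


def combine_hybrid(ss_classical: bytes, ss_pq: bytes,
                   pk_classical: bytes, pk_pq: bytes,
                   ct_classical: bytes, ct_pq: bytes,
                   label: bytes = b"hybrid-pqt-example-v1",
                   length: int = 32) -> bytes:
    """Derive the session key from BOTH shared secrets plus the transcript.

    Neither secret is used directly: IKM is the length-prefixed concatenation
    of the two secrets, and every public value of the exchange is bound into
    info, so the output changes if any secret or any transcript field changes.
    """
    ikm = _lp(ss_classical) + _lp(ss_pq)
    info = _lp(label) + _lp(pk_classical) + _lp(pk_pq) + _lp(ct_classical) + _lp(ct_pq)
    return hkdf(b"", ikm, info, length)


def demo() -> dict:
    """Constructed stand-in inputs (NOT real KEM outputs) for a runnable demo."""
    ss_classical = bytes.fromhex("11" * 32)   # stand-in for an X25519 shared secret
    ss_pq = bytes.fromhex("22" * 32)          # stand-in for a Kyber/ML-KEM shared secret
    pk_c, pk_pq = b"pk-classical-stub", b"pk-pq-stub"
    ct_c, ct_pq = b"ct-classical-stub", b"ct-pq-stub"

    key = combine_hybrid(ss_classical, ss_pq, pk_c, pk_pq, ct_c, ct_pq)
    # Same classical secret, different PQ secret: the derived key must differ.
    key_other_pq = combine_hybrid(ss_classical, bytes.fromhex("33" * 32), pk_c, pk_pq, ct_c, ct_pq)
    # Same secrets, one transcript field altered: the derived key must differ too.
    key_other_ct = combine_hybrid(ss_classical, ss_pq, pk_c, pk_pq, ct_c, b"ct-pq-stub-2")
    return {"key": key, "key_other_pq": key_other_pq, "key_other_ct": key_other_ct}


if __name__ == "__main__":
    assert rfc5869_test_case_1_ok()
    r = demo()
    for name, k in r.items():
        print(name, k.hex())
```

Run it directly to print the three derived keys. The point the demo makes is structural: because the two secrets and the transcript only reach the session key through HKDF, the key is a function of all of them at once, and no component is exposed or reusable on its own.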
