If that draft is useful, it probably belongs in the UTA working group, not TLS.
I would express the guidance this way: Use a hybrid that combines PQ and “classic” algorithms, so that if one is broken you’re still safe. If you are required to use only PQ, so be it.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
