* As others also commented before, what is so special about PQC here? I believe the draft makes that issue clear.
There is a rather special case where some entity develops a CRQC without anyone knowing about it and can thus surreptitiously break non-PQ DSA and forge certificates. I guess this is not too different from having a secret classical algorithm that breaks ECDSA, but (as hybrid enthusiasts suggest) people are less skeptical of the former than the latter Y(J)S This message is intended only for the designated recipient(s). It may contain confidential or proprietary information. If you are not the designated recipient, you may not review, copy or distribute this message. If you have mistakenly received this message, please notify the sender by a reply e-mail and delete this message. Thank you.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
