> In your PQ safety blanket article https://soatok.blog/2026/04/13/hybrid-constructions-the-post... you make it pretty clear the reason you support hybrid is tactical, not cryptographic.
What does it matter that my public arguments are tactical? Hybrid gets us to PQ faster, which makes progress on plugging up the HNDL risk.
> Your wording ("Once Q-Day happens") strongly suggests Q-Day will happen, like, it’s so certain you don’t even need to state it explicitly, you can just assume it will.
The literal opening section is talking about recent changes in direction from large Internet providers about quantum computing risks.
The rest of the article is predicated on "these companies' risk assessment turns out to be correct".
Separately, in https://soatok.blog/2024/09/13/e2ee-for-the-fediverse-update... I wrote more about my actual beliefs about the likelihood of Q-Day.
> It’s pretty clear from there that you think ECDH is now technically useless, and the only real justification for hybrid schemes (as opposed to pure PQ), is to reassure the people still unsure about the likes of ML-KEM. Sure you still do recommend going hybrid, but from what I can tell, you would have preferred a world where we go pure PQ right away.
You are extrapolating from the subsidiary clause of an if statement whose truth value I do not claim to know.
> And so would I to be honest (if ECC is a bust): one algorithm is simpler and faster than two.
Sure.