2b. You have to publish the retired private keys, or else a recipient will retain undeniable proof of message authenticity.
Depending on your perspective, this can be either a feature or a bug.
The fallout from this has barely begun to be felt. It’s more important than the hypothetical quantum crypto stuff imo.
The fallout from this has barely begun to be felt. It’s more important than the hypothetical quantum crypto stuff imo.