|
|
|
|
|
|
by lxdlam
694 days ago
|
|
|
I'm curious why the author always recommends using a hybrid scheme, i.e., a classical protocol combined with a PQC protocol. I'm not an expert in PQC; what property are we losing that requires us to still need a classical protocol in the same time? Edit: I've found a design draft associated with the TLS 1.3 hybrid scheme that explains the choice: https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-.... |
|
|