[adgjlsfhk1]

> Because the current plans aren't to migrate to just hybrid classical+PQC schemes, the plans are to migrate to PQC fully. Discarding both RSA and ECC.

This isn't true. NIST has been saying that, but everyone else just laughs and implements hybrid since throwing out RSA/ECC is so obviously stupid.

[JoachimS]

If you have references to nations, governments that state that transition to hybrid I would love to get references. The EU transition will not be hybrid. The NSA plan is not hybrid. ETSI is not hybrid.

My view is that IETF and commercial entities such as Apple, Google and open source world are the ones going hybrid. In this case I would love to be wrong.

[Avamander]

> NIST has been saying that, but everyone else just laughs and implements hybrid since throwing out RSA/ECC is so obviously stupid.

The Australian government is also saying this.