Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

@filippo @robpike Here's an NSA publication on this topic, from 10 years ago. What I love about this is how they describe their requirements: they have to field systems and guarantee their security for 30 years into the future.

https://archive.org/details/cnsa-suite-and-quantum-computing-faq/mode/2up

CNSA Suite And Quantum Computing FAQ : National Security Agency

NSA Guidance on crypto algorithms, and defending against quantum computing.