As others pointed out, it's not so easy to switch, as the PQC versions require much more data to be sent to establish a connection, and consequently way more CPU time. So the CPS you can achieve with this type of cryptography will be MUCH worse than classical algorithms.

▲

ifwinterco 5 days ago | parent | next [-]

Let's be honest though, key exchange is not exactly the limiting factor for web performance in 2025

	▲	msgodel 5 days ago \| parent [-]
		It can be limiting for other things though. Encrypted DNS was already marginal for some TLD operators, adding the overhead of PQC may actually make it completely impractical.

▲

fxwin 5 days ago | parent | prev [-]

it doesn't get much easier than that, and the downsides are much much much less of an inconvenience than having your data breached depending on what it is.