2022.07.02 02:49:44 (1543034151544049664) from Daniel J. Bernstein:
NIST now says it plans to announce its selections of post-quantum algorithms on "Tuesday, July 5th" (I presume 2022, not 2033). Given the extent to which waiting for NIST has stalled pq deployment, this announcement is an important step forward no matter what the details are.
2022.07.02 02:52:04 (1543034738331435008) from Daniel J. Bernstein:
Regarding details, I _hope_ that whatever NIST picked turns out to be safe, and I _hope_ that their handling of patents turns out to be adequate. If so, great: this announcement will set many more wheels in motion towards deployment of high-security post-quantum cryptography.
2022.07.02 02:54:43 (1543035406194581504) from Daniel J. Bernstein:
But say NIST selects X, and later X turns out to be a disaster. (I question the competence of anyone who ignores this risk.) Are people then going to go back to waiting for NIST? Surely not. The announcement is getting rid of NIST's primary impact here as a deployment bottleneck.