Brutkey

Royce Williams
@tychotithonus@infosec.exchange

Calls to "relax" about the cryptographic threat of quantum computing seem to set aside one important practical fact: that the real-world duty life of some classes of gear is measured in decades (whether by design, org inertia, cost, etc).

PQC work understands how long it can take for equipment in the field to be rotated out. They're effectively trying to make 2055 less of a security s--t show.

The next-best time to plant a security tree is now.

Edit: see my reply here for some risk-tradeoff reasoning.
https://infosec.exchange/@tychotithonus/115016017588683054


Zoe
@ekg@social.librem.one

@tychotithonus@infosec.exchange I think the important difference of opinion is whether or not quantum computers will ever be practical.

Royce Williams
@tychotithonus@infosec.exchange

@ekg@social.librem.one I definitely understand the perspective. But as a security professional, I have to balance the likelihood of a future event with A) the magnitude of its impact, B) the cost of future mitigation, vs C) the controlled burn of mitigating it in advance.

Even if the chances of practical QC in 30 years are one in a thousand, we know about the stickiness of existing deployments, vs difficulty to upgrade (magnified by the proliferation both of IoT and the degree and volume of sensitive activities adding cloud dependencies, making interception risk pervasive).

The chaos of all of that suddenly being interceptable would make Heartbleed look like a Sunday afternoon nap.

And since the interdependence of everything is only growing, interoperability inertia ("we can't upgrade because our dependency / partner hasn't yet, or can't") would make an emergency transition even higher friction / catastrophic.

Even if PQC takes 100 years, better to start eliminating it now than accumulating technical debt around that interdependency.