
Comment by simiones

2 days ago

As others pointed out, it's not so easy to switch, as the PQC versions require much more data to be sent to establish a connection, and consequently way more CPU time. So the CPS you can achieve with this type of cryptography will be MUCH worse than classical algorithms.

Let's be honest though, key exchange is not exactly the limiting factor for web performance in 2025.

  • It can be limiting for other things though. Encrypted DNS was already marginal for some TLD operators, adding the overhead of PQC may actually make it completely impractical.

it doesn't get much easier than that, and the downsides are much much much less of an inconvenience than having your data breached depending on what it is.