Comment by westurner

Though there is a difference between a cert signature (ML-DSA) and a challenge (ML-KEM), ultimately and fundamentally, isn't real key size still a relevant metric for comparison.

(Everyone dnvoted this like -6/-7. I guess they didn't understand the relevance.)

IDK a terse analogy then:

MerkleCerts + ML-DSA : ML-DSA :: Challenge (ML-KEM,) : ____ (ML-DSA)

Merkle-signing cert trust roots is a security/bytes-transferred efficiency tradeoff.

What is the difference in number of bytes seemed usefully relevant to me at least.