Comment by vayup
This is a good time to remind everyone the technically sound choice of hybrid crypto is discouraged by NSA. I wish they didn't. PQ is a major overhaul to crypto systems. Setting aside the risk of yet-to-be-discovered algorithmic vulnerabilities, there is a huge risk of implementation mistakes leading to compromise. Mature classical crypto should be used as a backstop by deploying PQ in hybrid mode along classical crypto.
Isn't the point of hybrid crypto due to the possibility that this fancy new quantum resistant algorithms have a fatal flaw? If so, I could understand why NSA has that stance (if you don't trust the crypto its useless), but realistically it's a good idea.