alt Hacker Newsone more Pro hybrid only: reduction of transitions is doubtful since by the time PQC is clearly better, we're likely to have better PQC algorithms (and or better attacks that force more conservative parameters). At a bare minimum, we aren't ready to move to pure PQC until we can go a couple years without continued improvements in lattice reduction algorithms.
This is like saying we should have halted all RSA deployments until improvements in sieving stopped happening. The lattice contestants were all designed assuming BKZ would continually improve. It's not 1994 anymore, asymmetric cryptography is not a huge novelty to the industry, nobody is doing the equivalent of RSA-512.