Dear all,
I am an assigned INT directorate reviewer for draft-ietf-pquip-pqc-engineers-13.
These comments were written primarily for the benefit of the Internet Area
Directors. Document editors and shepherd(s) should treat these comments just
like they would treat comments from any other IETF contributors and resolve
them along with any other Last Call comments that have been received. For more
details on the INT Directorate, see https://datatracker.ietf.org/group/intdir/about/.
As I am an expert in neither cryptography nor quantum computing, my comments mostly deal with general observations and suggestions for possible clarification.
The document gives a quite broad overview of the threats that future post-quantum computing means used by potential attackers pose to cryptographically secured communication. IMO the document may improve by adding clarifications and correcting the nits/typos that follow below:
Thanks and BR
Dirk
P.4:
so too will quantum computers have a niche => so will quantum computers, too, have a niche
p.5:
into expected key, ciphertext and => into expected key, ciphertext, and
p.6:
Shor's algorithm ... Grover's algorithm : I suggest adding a reference here, e.g.
[] P.W. Shor. "Polynomial-time algorithms for prime factorization and discrete
logarithms on a quantum computer". SIAM review, 41(2):303–332, 1999.
[] L.K. Grover. "A fast quantum mechanical algorithm for database search".
In Proceedings of the twenty-eighth annual ACM symposium on Theory of
computing, page 219. ACM, 1996.
p.8:
AES-128, 192, and 256 => AES-128, AES-192, and AES-256
National Agency ... => (French) National Agency ...
p.9:
factorization, finite field discrete logarithms or elliptic curve => factorization, finite field discrete logarithms, or elliptic curve
cryptography and is therefore vulnerable => cryptography and are therefore vulnerable
p.11:
[HQC]: This algorithm is => [HQC]: Hamming Quasi-Cyclic coding algorithm which is
p.14:
HDNL attacks => HDNL ("harvest now, decrypt later") attacks
October, 2024 => October 2024
p.15:
number of required oracle queries => number of required oracle queries, i.e. of (unique) queries to a cryptographic black box resulting in random uniformly distributed responses [or add a better short explanation of the idiom here]
p.23:
11.1. Security Properties of PQC Signatures - there is no text for this section! Formatting error??
p.26:
(i.e., XMSS-MT and HSS respectively) => (i.e., XMSS-MT and HSS, respectively)
p.27ff:
I suggest adding descriptive captions to Tables 1 - 6 and referring to them accordingly in the text
p.34:
[I-D.ietf-lamps-pq-composite-sigs]can => [I-D.ietf-lamps-pq-composite-sigs] can
p.35/40:
vs => vs.
p.36:
needed ([I-D.draft-bonnell-lamps-chameleon-certs]. => needed ([I-D.draft-bonnell-lamps-chameleon-certs]). OR needed [I-D.draft-bonnell-lamps-chameleon-certs].
p.39:
PQ algorithms ... PQ overhead ... PQ costs : I assume this is identical to PQC algorithms, overhead, costs?
p.45:
[QuantSide] "QuantSide", n.d., => [QuantSide] "QuantSide", 2023, see: https://dl.acm.org/doi/10.1145/3576915.3623118 for (meanwhile) available details of this reference ...