I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with Nits.

This document provides an extensive set of definitions and descriptions of hybrid (traditional and post-quantum) security elements, algorithms, schemes, protocols, certificates, etc.

The Security Considerations section seems adequate.

Very Minor
----------

Section 1, first paragraph: consider adding a specific time frame but only if you have a good reference to support it. I understand that some governments use 40 years for most data.

Nits
----

Suggest expanding NIST and ETSI on first use.

Section 1, page 3, first paragraph:
  "at the time of publication is widely used"
  ->
  "at the time of publication it is widely used"

Section 1, page 4:
  "At the time of publication, hybrid is generally used for schemes that combine post-quantum and traditional algorithms so will be used throughout this document, "
  ->
  "At the time of publication, hybrid is generally used for schemes that combine post-quantum and traditional algorithms; it will be so used throughout this document, "

Section 1, last paragraph page 4:
  "focus on post-quantum traditional combinations"
  ->
  "focus on combinations of post-quantum and traditional"

Section 2, page 5, need to add a comma as follows:
  "Where there is little risk of confusion, traditional asymmetric"

Section 2, top of page 6, replace semi-colon with comma as follows:
  "Should an attack be found against a post-quantum algorithm, it is commonly still"

Section 2, page 6, first complete paragraph:
  "above, but these"
  ->
  "above. These"

Section 2, page 7: I think the following sentence should not be indented but should be flush left since it seems to relate to multiple previous entries, not just the immediately preceding entry:
  PQ/T hybrid KEMs, PQ/T hybrid PKE, and PQ/T hybrid digital signatures are all examples of PQ/T hybrid schemes.

Section 4, page 11:
  "chose to do so"
  ->
  "choose to do so"

Section 5, page 14: Doesn't the following apply to backwards compatibility also?:
  Note that PQ/T hybrid forwards compatability is a protocol or scheme property only.

There are some references to Internet drafts that do not reference the latest version. I suggest that, unless there is some special reason to reference a particular version, the draft reference be to the unversioned draft.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com