
Question: Post Quantum Crypto #42

Closed
wland32 opened this issue Jun 21, 2019 · 1 comment

wland32 commented Jun 21, 2019

Am I correct in assuming that this implementation of post quantum crypto only affects the key exchange?
https://github.com/janmojzis/tinyssh/blob/master/PROTOCOL.sntrup4591761x25519-sha512

If so, wouldn't this be only an experiment without adding security, since the authentication of the server is still done using RSA (or other non-post-quantum algorithms)?

Meaning, if someone has a quantum computer of the necessary size to break e.g. RSA 3072, that someone could circumvent the current use of the post quantum crypto key exchange by a man-in-the-middle attack, forging the then-broken RSA key of the server.

Is this assumption correct?
If so, what is the use case of the current implementation?

janmojzis (Owner) commented

> Am I correct in assuming that this implementation of post quantum crypto only affects the key exchange?
> https://github.com/janmojzis/tinyssh/blob/master/PROTOCOL.sntrup4591761x25519-sha512

YES

> If so, what is the use case of the current implementation?

Without a post quantum KEX, an attacker can record an SSH session and later, with a quantum computer, decrypt everything. PQ KEX solves this problem.

And of course we also need a post quantum signature algorithm before attackers have quantum computers.
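To make the distinction in this answer concrete, here is an added example (not tinyssh's code, and not from the issue's author) that models SSH algorithm negotiation as RFC 4253 section 7.1 defines it (the first algorithm in the client's list that the server also supports wins) and then reports separately whether the negotiated KEX protects recorded traffic against a future quantum computer and whether the negotiated host-key algorithm protects against a live man-in-the-middle by an attacker who already has one. The hybrid KEX wire name is assumed to follow the PROTOCOL file name linked above with the `@tinyssh.org` suffix; the client and server algorithm lists are constructed for the example.

```python
from typing import Optional

# Assumed names: the tinyssh one is derived from the PROTOCOL file name in this
# issue, the other is OpenSSH's published hybrid KEX name.
PQ_HYBRID_KEX = {
    "sntrup4591761x25519-sha512@tinyssh.org",
    "sntrup761x25519-sha512@openssh.com",
}
# No post-quantum host-key (signature) algorithm is deployed in this model,
# which is exactly the gap the issue asks about.
PQ_HOSTKEY: set[str] = set()


def negotiate(client: list[str], server: list[str]) -> Optional[str]:
    """RFC 4253 7.1: pick the first client-preferred algorithm the server offers."""
    offered = set(server)
    for alg in client:
        if alg in offered:
            return alg
    return None  # no common algorithm: the connection would fail


def assess(client_kex, server_kex, client_hostkey, server_hostkey) -> dict:
    """Negotiate KEX and host-key algorithms and classify the two PQ properties."""
    kex = negotiate(client_kex, server_kex)
    hostkey = negotiate(client_hostkey, server_hostkey)
    return {
        "kex": kex,
        "hostkey": hostkey,
        # True: traffic recorded today cannot be decrypted by a future QC.
        "confidentiality_pq": kex in PQ_HYBRID_KEX,
        # True: an attacker who already has a QC cannot forge the server's identity.
        "authentication_pq": hostkey in PQ_HOSTKEY,
    }


def risks(result: dict) -> list[str]:
    """Spell out which threat each non-PQ choice leaves open."""
    out = []
    if not result["confidentiality_pq"]:
        out.append("record-now-decrypt-later: session can be stored and decrypted once a QC exists")
    if not result["authentication_pq"]:
        out.append("future MITM: a QC-equipped attacker can forge the host key signature")
    return out


# Constructed algorithm lists (not real tinyssh or OpenSSH output).
SERVER_KEX = ["sntrup4591761x25519-sha512@tinyssh.org", "curve25519-sha256"]
SERVER_HOSTKEY = ["ssh-ed25519"]
PQ_CLIENT_KEX = ["sntrup4591761x25519-sha512@tinyssh.org", "curve25519-sha256"]
LEGACY_CLIENT_KEX = ["curve25519-sha256", "diffie-hellman-group14-sha256"]
CLIENT_HOSTKEY = ["rsa-sha2-512", "ssh-ed25519"]

if __name__ == "__main__":
    for label, ckex in (("PQ-aware client", PQ_CLIENT_KEX), ("legacy client", LEGACY_CLIENT_KEX)):
        r = assess(ckex, SERVER_KEX, CLIENT_HOSTKEY, SERVER_HOSTKEY)
        print(f"{label}: kex={r['kex']} hostkey={r['hostkey']}")
        for line in risks(r):
            print("  -", line)
```

Run against the constructed lists, the PQ-aware client negotiates the hybrid KEX, so only the MITM risk remains (the point of the answer above); the legacy client falls back to `curve25519-sha256` and carries both risks. Checking `kex_algorithms` and `server_host_key_algorithms` from a real handshake (for example with `ssh -vv`) against these two sets is the practical audit step.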
