I was agreeing with you, of course if they have intercepted all traffic they have both public-key encryption key exchange and the resulting symmetrically encrypted traffic and that they could correlate it... I’m sorry if I was a bit longwinded and pedantic in my reply, I didn’t realise I was talking to virtual Hacker News nobility (with ten times the karma I do!).
Btw on post quantum crypto: the problem is that most of it has not yet had enough conventional cryptanalysis. Makes no sense to use an algorithm immune to quantum speedup if it's conventionally vulnerable.
I thought it was a really straightforward obvious idea. I'd do it if I were them and had such deep pockets.
QC is clearly coming. Lots of news lately.